NEWSPAPER 


Asking  the  right  questions  for  ROI  metrics.  PAGE  44 


Intel,  IBM  and  Microsoft  catch  Wi-Fi  fever.  PAGE  8 

.... 


I 


WORLDCOM  PLACES 
BET  ON  IP  TELEPHONY 


Struggling  provider  set  to  launch  managed 
service;  analysts  see  its  timing  as  risky 


BY  MICHAEL  MEEHAN 

Embattled  telecommunications 
provider  WorldCom  Inc.  is  pre¬ 
paring  to  roll  out  a  turnkey  ser¬ 
vice  based  on  IP  telephony  that 
will  enable  compa¬ 
nies  to  replace  their 
traditional  public 
switched  telephone 
networks,  Comput- 
erworld  has  learned. 

According  to  in¬ 
ternal  WorldCom  documents 
obtained  by  Computerworld, 
the  vendor  is  training  its  sales 
force  to  sell  a  managed  IP  tele¬ 
phony  service  that  will  run  over 


WorldCom’s  frame-relay,  Asyn¬ 
chronous  Transfer  Mode  and  IP 
networks.  Customers  will  be 
given  the  choice  of  slowly  mi¬ 
grating  to  a  full  voice/data/ 
video  IP  network, 
or  buying  some¬ 
thing  along  the  lines 
of  an  old-style  Ma 
Bell  service  in 
which  WorldCom 
will  lease  all  the 
needed  equipment  to  the  user 
and  route  all  the  call  traffic. 

WorldCom  launched  WAN 
support  for  voice  over  IP  calls 
in  2001  and  added  VOIP  to 


ON  THE  BRINK 

WorldCom  may  be  ready  to 
file  for  bankruptcy  protection. 

©  QuickLink:  31534 
www.computerworld.com 


WINDOWS  GETS 
NEW  BENCHMARK 

Public,  private  sectors 
in  collaborative  effort 

BY  PATRICK  THIBODEAU 

WASHINGTON 

Security  benchmarks  for  oper¬ 
ating  systems  are  typically  ar¬ 
cane  measures  that  get  little 
public  attention.  But  last 
week’s  release  of  a  security 
benchmark  for  Windows  2000 
Professional  drew  broad  gov¬ 
ernment  backing,  including 


White  House  recognition.  And 
this  support  has  made  the 
benchmark’s  creators  hopeful 
that  it  could  ultimately  give  pri¬ 
vate-  and  public-sector  users 
more  leverage  with  vendors. 

What  makes  this  particular 
benchmark  unique  is  the  cast 
of  characters  behind  it.  The 
major  U.S.  government  agen¬ 
cies  that  deal  with  IT  and  secu¬ 
rity,  such  as  the  National  Secu¬ 
rity  Agency,  the  Defense  Infor¬ 
mation  Systems  Agency  and 
the  General  Services  Adminis¬ 
tration,  had  a  hand  in  crafting 
the  benchmark,  as  did  the  Cen¬ 
ter  for  Internet  Security,  a  non- 
Benchmark,  page  53 


LAN  desktops  earlier  this  year. 

It  will  now  combine  those  ser¬ 
vices  with  the  ability  to  make 
all  telephone  calls  over  its  data 
network.  This  comprehensive 
IP  telephony  service  will  be 
pitched  as  a  replacement  for 
companies’  traditional  circuit- 
switched  networks. 

While  WorldCom  declined 
to  comment  about  such  a  ser¬ 
vice  in  advance  of  an  official 
announcement,  a  source  at  the 
company  said  it’s  already  sell¬ 
ing  the  service  at  the  enter¬ 
prise  level  and  the  full  offering 
will  be  released  in  September. 

The  timing  is  interesting, 
given  that  WorldCom  is  em¬ 
broiled  in  a  financial  disaster 
following  revelations  that  it  ar¬ 
tificially  inflated  revenue  state¬ 
ments  to  woo  investors.  Ana¬ 
lysts  question  whether  the  ven¬ 
dor  can  launch  and  support 
such  a  service  as  it  teeters  on 
the  brink  of  bankruptcy. 

WorldCom,  page  53 

WORLDCOM  WATCH 

For  comprehensive  coverage  of  World¬ 
Com  developments,  go  to  our  Web  site.  ? 

O  QuickLink:  a2310  \ 

www.computerworld.com  5 


It’s  one  of  the  gaping  holes  in  project  management: 

IT  professionals  and  their  business  constituents  rarely  agree  on  the 
scope  or  goals  of  a  project.  That's  why  a  growing  number  of  companies 
outside  the  U.S.  are  adopting  so-called  extreme  project  management. 
The  methodology,  which  grew  out  of  the  extreme  programming 
movement,  forces  project  managers  to  leave  the  technology  decisions  to 
the  tech  team  so  they  can  focus  on  managing  external  stakeholders. 
Story  begins  on  page  38. 


MICROSOFT  EYES  SUPPORT  CHANGES 


Licensing  lessons  spur 
alterations  to  program 


BY  CAROL  SLIWA 

Microsoft  Corp.  is  plotting 
changes  to  its  Premier  Support 
option  and  weighing  a  plan  to 
package  support  services  with 
its  volume  licensing  programs, 
a  company  executive  disclosed 
to  Computerworld  last  week. 

Mike  Sinneck,  vice  president 


of  worldwide  services  at  Mi¬ 
crosoft,  said  lessons  the  com¬ 
pany  learned  while  introduc¬ 
ing  its  controversial  volume¬ 
licensing  programs  served  as  a 
“very  large  catalyst”  for  the 
support  service  changes  that 
are  now  under  discussion. 

“Licensing  created  a  large 
need  to  come  to  grips  with 
what  we  need  to  change  about 
our  approach,”  said  Sinneck, 
who  joined  Microsoft  in  Jan¬ 


uary  after  spending  32  years  at 
IBM. 

Microsoft’s  Premier  Support 
option,  which  is  used  by  many 
midsize  and  large  businesses, 
will  be  refreshed  to  “add  more 
value  for  the  existing  cus¬ 
tomers  for  the  same  money,” 
Sinneck  said. 

Less  clear  is  the  level  of  sup¬ 
port  that  Microsoft  will  bundle 
into  the  volume-licensing  pro¬ 
gram  it  introduced  14  months 
ago.  A  key  enrollment  deadline 
for  that  program  is  July  31. 

Licensing,  page  J6 


VALUABLE 
DATA  1 


HACKING 

FOBJUN 


»i.  All  rights  reserved. 


1  ]  In  the  e-business  game,  it’s  called  the  hack  attack,  and  it’s  one  of 
the  many  unpredictable  threats  to  your  company’s  data.The 
defense?  A  security-rich  integrated  infrastructure  that  guards  24/7. 


2]  Get  the  infrastructure  you  need  from  team  IBM  -  a  leader  in 
end-to-end  security  solutions.  With  the  help  of  global  security 
experts,  self-managing  servers,  and  Tivoli®  security  software,  you’ll 
know  your  infrastructure  can  be  secure  on  a  Fort  Knox  scale. 


3]  For  more  winning  plays,  visit  ibm.com/e-business 


@  business  is  the  game.  Play  to  win ; 


51r.aV  •.  «»&k 


*i  •  *?,»«■* 

kT  .v  “i1,  ' 


i 


*»>• 


'  .  •  Ty.  .  *  —  .  F  ✓ 


•:I?  *&«r*  £;•’  $£*  .y'''v’; 


»*•  -  ***, 

.  %  ; 


5-£t8S®-2KP 


k.1;  ,  *  Jb 


Vi  hlk 

—  j 


.<  •  - 

.  . 


Can  your  software  help  keep  your  business  up  and  running  no  matter  what? 

Ours  can. 

Your  company's  infrastructure  is  far  too  important  to  risk.  That's  why  our  full  range  of  business  continuity  solutions  ensures  you're 
able  to  handle  anything.  BrightStor™  storage  solutions  provide  the  most  comprehensive  data  backup  and  recovery.  eTrust™  security 
solutions  provide  total  protection  for  your  entire  enterprise,  not  just  pieces.  And  Unicenter®  infrastructure  software  keeps  your  whole 
business  up  and  running  24x7.  As  your  business  grows  and  becomes  more  complex,  you  need  software  solutions  you  can  rely  on. 
You  may  still  not  know  what's  coming.  But  you  will  know  you're  prepared.  ca.com/continuity 


Business  Continuity  Solutions 


Computer  Associates™ 


©  2002  Computer  Associates  International,  Inc.  (CA).  All  rights  reserved. 


ONLY  THE  STRONG  SURVIVE 


Researchers  such  as  Melanie 
Mitchell  (left)  are  develop¬ 
ing  ways  to  compute  that 
look  a  lot  like  evolution. 

PAGE  34 


OFF-PEAK  PORTAL 

A  Web-based  portal  is  help¬ 
ing  Puget  Sound  Energy’s 
customers  save  money  by 
switching  to  off-peak  gas 
and  electricity  usage.  The 
upshot:  The  Internet  self- 
service  system  has  helped  Puget  reduce  its  workforce,  and  the  utility  antic¬ 
ipates  a  nine-year  return  on  its  $45  million  investment  through  lowered 
costs  and  increased  revenue.  PAGE  40 


NEWS  6 

6  HP  is  dropping  out  of  the 

middleware  market  to  focus  on 
OpenView  and  other  data  center 
management  products. 

7  Most  administrators  fail  to 

patch  systems  for  known  vulnera¬ 
bilities,  despite  increased  aware¬ 
ness  of  the  risks,  say  hackers. 

8  Intel,  IBM  and  three  top  cellular 
carriers  join  forces  to  expand  wire¬ 
less  LAN  coverage. 

10  The  White  House  unveiled 
the  guiding  principles  for  a  cross¬ 
agency  IT  integration  plan  in  the 
Office  of  Homeland  Security  last 
week. 

16  Microsoft  renewed  its  financial 

and  philosophical  commitment  to 
its  extensive  partner  community  at 
the  company’s  Fusion  2002  event. 

BREAKING  NEWS 

For  breaking  news,  updated  twice  daily,  visit: 

QuickLink:  a1510 
www.computerworld.com 


TECHNOLOGY  27 

27  Nicholas  Petreley  offers  a 

quick  and  inexpensive  way  to 
block  unwanted  Internet  content. 

30  Building  Web  services 

requires  a  service-oriented  archi¬ 
tecture,  clean  XML  data  and  well- 
defined  business  processes.  Com¬ 
panies  are  now  laying  these  foun¬ 
dations  for  success. 

32  Johnson  Controls  integrates 
applications  from  outside  suppliers 
using  a  collaboration  exchange 
through  its  corporate  portal. 

35  QuickStudy:  Unified  messaging 
is  the  term  for  a  system  used  to  ac¬ 
cess  e-mail,  voice  and  fax  mes¬ 
sages  through  a  single  common  in¬ 
terface.  Learn  more  in  this  week’s 
primer. 

36  Security  Manager’s  Journal: 

Mathias  Thurman  fine-tunes  his 
company’s  intrusion-detection  sys¬ 
tem  to  reduce  false  alarms  —  and 
his  workload. 


MANAGEMENT  37 

37  John  Berry  writes  that  when 
seeking  approval  for  IT  invest¬ 
ments,  technology  professionals 
should  be  as  interested  in  when  to 
measure  as  in  how  to  measure. 

38  Extreme  project  management 

is  a  relatively  new  approach  that’s 
aimed  at  forcing  project  leaders  to 
focus  on  goals  and  get  business  end 
users  fully  engaged. 

44  Realistic  R0I  calculations 

require  a  proper  governance  sys¬ 
tem  and  procedures  so  business 
leaders  can  ask  the  right  questions 
and  continuously  revisit  them. 

46  Regional  CTO  clubs  are  pop¬ 
ping  up  around  the  U.S.  as  meeting 
places  for  wannabe  and  current 
chief  technology  officers  to  share 
their  experiences. 

47  Career  Adviser  Fran  Quittel 

counsels  a  business  analyst  who 
wants  to  work  on  an  e-commerce 
initiative. 


OPINIONS  24 

24  Patricia  Keefe  questions  IT 
managers’  faith  in  struggling  blue- 
chip  vendors  and  suggests  ways  to 
protect  data  center  operations 
when  big  suppliers  burn  out. 

24  Pimm  Fox  encounters  an  ideal 
way  to  use  business  intelligence  in 
a  distributed  environment  at  an 
affiliate  of  Hyatt  Corp. 

25  Paul  Donnelly  says  that  we 

should  call  the  H-1B  visa  what  it  re¬ 
ally  is:  a  government  subsidy  to 
business  that  runs  counter  to  the 
interests  of  U.S.  workers. 

Frank  Hayes  argues  that  secu¬ 
rity  concerns  won’t  entice  users  to 
purchase  pricey  configuration 
management  tools.  But  those  who 
need  the  most  efficient  software 
are  the  most  likely  buyers. 


Editorial/Letters .  24,  25 

How  to  Contact  CW . 52 

Company  Index . 52 

Shark  Tank  . 54 


WWW.COMPUTERWORLD.COM 


NINE  TIPS  OF  NOTE 

Planning  to  implement  Web  ser¬ 
vices?  Head  online  for  a  checklist 
of  points  to  consider. 

QuickLink:  31366 


NEWS  STRAIGHT  TO 
YOUR  IN-BOX 

Be  sure  not  to  miss  any  of  the  news 
you  need,  by  signing  up  for  our  free 
daily  and  weekly  e-mail  newslet¬ 
ters.  You  can  get  the  latest  news 
headlines  and  Shark  Tank  delivered 
daily,  as  well  as  weekly  newsletters 
on  more  than  20  subjects. 

QuickLink:  a1430 


TOO  MUCH  XML 
OVERHEAD? 

Is  the  flexibility  that  XML  offers 
coming  at  too  high  a  cost  in  terms 
of  the  required  overhead?  Some 
online  community  members 
worry  that  XML  usage  will  eat 
up  too  much  storage  space. 

What’s  your  view? 

QuickLink:  a2330 


WHAT’S  A  QUICKLINK? 

OOn  some  pages  in  this  issue 
you’ll  see  a  QuickLink  code 
pointing  to  additional,  related  con¬ 
tent  on  our  Web  site.  Just  enter  that 
code  into  our  QuickLink  box  online, 
which  you’ll  see  at  the  top  of  each 
page  on  our  site. 

Use  QuickLinks  to  see  related  sto¬ 
ries,  discussion  forums,  research 
links,  archives  and  more. 


COMPUTERWORLD  July  22, 2002 


8 


FDIC  Criticized  on 
IT  Security  Policies 

The  Federal  Deposit  Insurance  Corp. 
(FDIC)  was  faulted  by  the  U.S.  Gen¬ 
eral  Accounting  Office  for  systems 
access  policies  that  give  hundreds 
of  end  users  privileges  they  don’t 
need,  such  as  the  ability  to  modify 
financial  software  and  read,  change 
and  copy  financial  data.  The  FDIC 
said  the  GAO’s  findings  will  help 
improve  its  IT  security. 

IBM  Slims  Cabling 
For  Intel  Servers 

IBM  announced  connectivity  tech¬ 
nology  that  it  said  will  let  IT  man¬ 
agers  tie  together  up  to  256  of  its 
Intel-based  xSeries  servers  while 
using  fewer  switches  and  much 
less  cabling  than  is  needed  now. 

The  Advanced  Connectivity  Tech¬ 
nology  offering  uses  Category  5 
cables  to  daisy-chain  groups  of 
16  rack-mounted  servers  and  sup¬ 
ports  remote  systems  management. 
Pricing  starts  at  SI, 300,  IBM  said. 

Services  Firm  SBI 
To  Buy  Lante,  Scient 

IT  services  firm  SBI  and  Co.  in  Salt 
Lake  City  reached  an  agreement  to 
acquire  Lante  Corp.,  a  consulting 
firm  in  Chicago,  for  about  S40  mil¬ 
lion  in  cash.  The  deal  is  expected  to 
close  this  quarter.  Earlier  last  week, 
SBI  announced  a  deal  to  buy  some 
of  the  assets  of  Scient  Inc.,  a  Web 
consulting  firm  in  New  York  that 
filed  for  bankruptcy  protection. 

Movie  Studio  Buys 
800  Workstations 

Intel  Corp.  today  plans  to  announce 
that  Industrial  Light  &  Magic,  the 
visual  effects  division  of  San  Rafael, 
Calif.-based  movie  studio  Lucas 
Digital  Ltd.,  has  bought  600  Pen¬ 
tium  Abased  workstations  for  use 
in  animation  applications.  Intel  de¬ 
clined  to  identify-  the  hardware  ven¬ 
dor  that’s  supplying  the  systems. 


NEWS 

HP  Confirms  Exit  of  Middleware  Market 


Sets  plan  to  drop  app  server,  shift  focus  to 
OpenView  and  other  management  tools 


BY  JAIKUMAR  VIJAYAN 

As  expected,  Hewlett-Packard 
Co.  last  week  said  that  it  will 
discontinue  selling  its  Java- 
based  Netaction  Application 
Server  software  and  its  Web 
Services  middleware  suite. 

The  company  plans  instead 
to  increase  its  focus  on  and  in¬ 
vestment  in  its  HP  OpenView, 
HP  Utility  Data  Center  and  HP 
Opencall  software  suites. 

The  idea  is  to  “leverage  and 
add  value”  in  areas  where  the 
company  already  has  assets, 
experience  and  leadership,  said 
Nora  Denzel,  general  manager 
of  HP’s  software  division,  in  a 
statement. 

HP  said  it  will  continue 
to  develop  products  in  the 
Web  services  management  and 
business  activity  management 
spaces.  But  it  will  rely  on  part¬ 
ners  to  deliver  the  application 
server  and  other  pieces  of  the 
middleware  stack. 

To  that  end,  the  company  re¬ 
cently  announced  a  partner¬ 
ship  with  BEA  Systems  Inc., 
whose  WebLogic  application 
server  package  shares  the  top 
spot  in  the  market  with  IBM’s 
WebSphere. 

BEA  and  HP  plan  to  jointly 
market,  sell  and  deliver  inte¬ 
grated  application  server  soft¬ 
ware,  hardware  and  services 
across  all  HP  operating  sys¬ 
tems.  HP  said  it  intends  to  pur¬ 
sue  similar  partnerships  to  de¬ 
liver  other  middleware  pieces. 

Consequences  for  Customers 

HP’s  decision  to  withdraw 
from  the  middleware  market 
came  as  no  surprise.  The  com¬ 
pany  has  said  for  some  time 
that  it  was  reassessing  its  mid¬ 
dleware  portfolio  and  hinted 
last  month  that  it  was  mulling 
a  pullout  from  the  market 
[QuickLink:  30405]. 

Still,  the  announcement  is 
“bad  news  for  us,”  said  Vince 
Hunt,  an  executive  vice  presi¬ 
dent  at  Altura  International 
Inc.,  a  Monterey,  Calif.-based 
company  that  builds  online 


shopping  malls  for  customers 
such  as  Sunnyvale,  Calif. -based 
Yahoo  Inc. 

HP’s  Netaction  Application 
Server  is  a  core  part  of  Altura’s 
software  stack,  and  Hunt  said 
that  the  vendor’s  decision  to 
withdraw  it  from  the  market 
will  force  his  company  to 
migrate  to  another  application 
server  product. 

“We  saw  the  handwriting  on 
the  wall  nine  months  ago  when 
the  HP/Compaq  merger  was 
under  way,  and  we’ve  been  de¬ 
veloping  our  own  application 
server  since  then,”  Hunt  said. 
“Unfortunately,  it  looks  like  we 
will  have  to  migrate  to  it  faster 


Itanium  2  systems 
aim  for  data  centers 

BY  JAIKUMAR  VIJAYAN 

The  slow  adoption  rate  being 
predicted  for  Intel  Corp.’s 
recently  introduced  64-bit  Ita¬ 
nium  2  chip  isn’t  stopping 
some  companies  from  rolling 
out  high-end  corporate  sys¬ 
tems  based  on  the  technology. 

Blue  Bell,  Pa.-based  Unisys 
Corp.  last  week  introduced 
two  Itanium  2  servers  that  it 
says  deliver  mainframe-class 
performance  at  a  lower  cost. 

The  new  Unisys  Aries  and 
Orion  servers  add  to  the  com¬ 
pany’s  ES7000  line  of  highly 
scalable  Intel-based  systems. 
The  servers  are  built  around 
Unisys’  Cellular  Multi-Process¬ 
ing  architecture,  which  lets 
users  partition  a  multiproces¬ 
sor  Intel  server  into  multiple, 
smaller  boxes  and  run  mixed 
Unix  and  Windows  workloads 
on  the  machine. 

The  32-processor  Orion  se- 


than  we  had  hoped  to.” 

HP’s  decision  runs  some¬ 
what  counter  to  the  strategies 
being  followed  by  rivals  IBM 
and  Sun  Microsystems  Inc., 
both  of  which  are  trying  to  add 
value  by  focusing  heavily  on 
their  own  middleware  and  ap¬ 
plication  server  capabilities, 
said  Joyce  Becknell,  an  analyst 
at  The  Sageza  Group  Inc.  in 
Mountain  View,  Calif. 

“On  the  one  hand,  it  is  a  little 
bit  surprising  that  HP  would 
want  to  walk  away  from  this 
space,”  Becknell  said. 

But  given  the  dominance  of 
IBM  and  BEA  in  the  applica¬ 
tion  server  market,  HP  proba¬ 
bly  figured  that  it  would  make 
more  sense  to  simply  partner 
with  San  Jose-based  BEA  than 
to  spend  the  time  and  effort 
attempting  to  carve  out  its  own 


ries  is  the  higher  end  of  the 
two  server  lines  announced 
by  Unisys  and  comes  with 
high-availability  features  such 
as  redundant  memory,  proces¬ 
sor  and  management  consoles, 
and  two  isolated  power  and 
cooling  systems.  The  Orion 
series  is  tuned  to  compete  in 


Unisys’  Systems 

ES7000  ORION  130 

■  Up  to  32  Itanium  2  processors 
in  two  independent  domains  of 
16  processors 

■  Up  to  64GB  of  memory  per 
domain 

■  Up  to  64  internal  1/0  slots 

■  Features  Server  Sentinel  plat¬ 
form  management  software 


ES7000  ARIES  130 

■  Up  to  16  Itanium  2  processors 

■  Up  to  64GB  of  memory 

■  Up  to  16  I/O  slots 

■  Features  Server  Sentinel  plat¬ 
form  management 


Unisys  Pursues  High-End 
Market  With  Intel  Servers 


Shifting  Gears 


HP’s  software  strategy 
will  focus  on  the  following 
three  areas: 

HP  OPENVIEW:  Management 
software  designed  to  auto¬ 
mate  and  manage  key  IT 
infrastructure  processes 

HP  UTILITY  DATA  CENTER: 
Software  that  enables  data 
centers  to  take  better  advan¬ 
tage  of  existing  hardware 
and  software  resources 

HP  OPENCALL:  Middleware 
for  the  telecommunications 
and  wireless  service  and 
equipment  provider  markets 

niche,  Becknell  added. 

HP,  which  will  continue  to 
support  its  discontinued  mid¬ 
dleware  for  another  three  years, 
said  it  will  provide  transition 
program  details  for  customers 
by  Sept.  15. 1 


the  traditional  high-end  Unix 
server  market  against  products 
such  as  IBM’s  pSeries  servers 
and  Sun  Microsystems  Inc.’s 
UltraSPARC  II-based  systems, 
said  Mark  Feverston,  a  senior 
vice  president  in  Unisys’  enter¬ 
prise  server  group. 

“The  performance  is  much 
better  than  first-generation  Ita¬ 
nium  and  is  very  competitive 
with  RISC  processors  from 
IBM  and  Sun,”  said  Richard 
Fichera,  an  analyst  at  Giga  In¬ 
formation  Group  Inc.  in  Cam¬ 
bridge,  Mass. 

Pricing  for  the  Orion  server 
starts  at  about  $140,000  and 
tops  out  at  less  than  $800,000 
for  a  fully  configured  system  — 
considerably  less  than  the 
$1  million  or  more  that  high-end 
Unix  servers  from  other  ven¬ 
dors  cost,  according  to  analysts. 

“This  64-bit  platform  is  truly 
a  step  above  Intel’s  first  Itani¬ 
um.  I  think  it  at  least  equals  or 
betters  the  offerings  on  the 
Unix  side,”  said  George  Narr, 
CIO  at  PolyMedica  Corp.,  a 
Woburn,  Mass.-based  medical 
products  and  services  firm. 

PolyMedica  will  be  taking 
delivery  of  a  new  Orion  server 
shortly  and  is  hoping  to  get 
at  least  a  40%  performance 
boost  over  its  current  ES7000 
servers,  Narr  said.  I 


7 


COMPUTERWORLD  July  22, 2002 


Corporate  America 
Is  Lazy,  Say  Hackers 

Vandalism  of  USA  Today  site  a  warning 


BY  DAN  VERTON 

HEN  A  group 
of  Web  van¬ 
dals  hacked 
into  USA  To¬ 
day’s  Web 
site  July  11  and  inserted  false 
news  stories,  the  Internet  se¬ 
curity  community  got  a  taste  of 
how  serious  Web  page  deface¬ 
ments  can  be. 

While  most  security  profes¬ 
sionals  consider  Web  page  de¬ 
facements  nothing  more  than  a 
nuisance,  hackers  and  analysts 
said  the  newspaper  got  off 
easy.  Subtle  changes  to  the  site 
could  have  been  much  more 


damaging,  they  said.  In  addi¬ 
tion,  the  hack  demonstrates 
the  continued  vulnerability  of 
Web  sites  as  a  result  of  poor 
administration. 

Although  the  defacement  led 
to  only  minor  downtime  for 
USA  Today’s  Web  site,  compa¬ 
nies  should  fear  the  economic 
ramifications  of  such  hacks, 
said  Peggy  Weigle,  CEO  of 
Sanctum  Inc.,  a  security  con¬ 
sultancy  in  Santa  Clara,  Calif. 

“Imagine  a  press  release  be¬ 
ing  posted  that  says  the  CEO 
and  CFO  are  resigning  due  to 
undisclosed  ethical  or  finan¬ 
cial  concerns.  The  stock  price 


would  likely  plummet  immedi¬ 
ately,”  said  Weigle.  Companies 
should  always  audit  Web  appli¬ 
cations  before  “taking  them 
live”  on  the  Internet,  she  said. 

Hackers  Find  Open  Doors 

“We  found  in  our  auditing 
that  90%  of  all  attacks  stem 
from  poor  configuration  and 
administrators  that  do  not  con¬ 
sistently  update  the  software 
they  use,”  said  EPiC,  the  leader 
of  a  white  hat  hacker  group 
known  as  Hack3r.com. 

A  hacker  who  goes  by  the 
nickname  Hackah  Jak  agreed.  “I 
can  in  minutes  code  a  scanner 
to  scan  the  Internet  for  2-year- 
old  known  vulnerabilities,”  he 
said.  “I’ve  hit  a  lot  of  worksta¬ 


tions  this  way  and  then  worked 
my  way  through  the  network  to 
the  server.” 

A  hacker  nicknamed  RaFa 
was  the  leader  of  the  World  of 
Hell  defacement  group,  which 
racked  up  thousands  of  Web 
site  defacements  before  dis¬ 
banding  last  year.  He  said  that 
in  addition  to  making  simple 
configuration  mistakes,  most 
administrators  don’t  keep  up 
with  the  updates  and  patches 
released  by  software  vendors. 

“They  don’t  update  services 
running  on  the  system,  and  they 
set  up  permissions  and  software 
settings  the  wrong  way  on  the 
Web  server,”  said  RaFa. 

However,  the  real  problem 
isn’t  laziness;  it’s  trust,  said 
Genocide,  the  leader  of  the 
Genocide2600  hacker  group. 
Most  administrators  and  man¬ 
agers  simply  trust  that  their  sys¬ 
tems  are  secure,  he  said. 

“That  is  their  first  and  biggest 
mistake,”  Genocide  said.  I 


Ways  to  Protect 

Web  Content 

USE  message  authentication 
and  document-signing 
technologies. 

2  DEPLOY  digital  rights 
management  software. 

3  SUBSCRIBE  to  automated 
security/patch  notification 
services  for  the  software  ven¬ 
dors  you  do  business  with. 

4  AUDIT  Web  server  configu¬ 
rations,  applications,  guest 
accounts  and  user  permis¬ 
sions  before  going  live. 

5  CONSIDER  content  man¬ 
agement  software  that  offers 
digital  hashing  of  HTML 
documents  and  images. 

SOURCES:  BILL  MALIK,  AN  ANALYST  AT 
KPMG  LLP  IN  STAMFORD,  CONN..  AND 
KEITH  MORGAN.  CHIEF  OF  INFORMATION 
SECURITY  AT  TERRADON  COMMUNICA¬ 
TIONS  GROUP  LLC  IN  NITRO.  W.VA 


Survey  Finds  Sites  Lack  Risk  Policies 


According  to  a  recent  study,  corpo¬ 
rate  risk  management  policies  are 
rarely  being  applied  to  Web  assets, 
which  can  lead  to  problems  such  as 
those  experienced  by  USA  Today 
earlier  this  month. 


Watchfire  Corp.,  a  Web  manage¬ 
ment  firm  in  Lexington,  Mass.,  and 
Hewlett-Packard  Co.  last  week  re¬ 
leased  the  results  of  a  survey  that 
asked  IT  managers  and  business 
executives  at  600  companies  of  all 


sizes  about  their  companies’  Web 
site  risk  management  policies  and 
practices.  The  survey  found  that: 

■  More  than  80%  of  respon¬ 
dents  ranked  Web  site  security  as 
the  most  critical  issue,  followed  by 
privacy  and  accessibility. 

■  Most  organizations'  risk  man¬ 
agement  policies  and  practices 


haven’t  kept  pace  with  the  burgeon¬ 
ing  use  of  Web  sites. 

■  Although  companies  are  con¬ 
cerned  about  risk,  some  aren’t  clear 
as  to  what  those  risks  are. 

■  Many  companies  that  are  cog¬ 
nizant  of  the  risks  haven’t  yet  com¬ 
mitted  the  resources  to  extend  their 
corporate  risk  management  program 


to  the  corporate  Web  site. 

■  While  organizations  acknowl¬ 
edge  the  need  for  security,  the  com¬ 
plexity  of  Web  sites  and  the  under¬ 
lying  computing  infrastructure  (Web 
applications,  servers  and  networks) 
makes  it  difficult  to  proactively  iden¬ 
tify  and  fix  security  holes. 

-  Dan  Verton 


Aspelle  Aims  to  Give  Remote 
Workers  Secure  App  Access 


Start-up's  software 
opens  up  systems 
to  browser  users 


BY  JAIKUMAR  VIJAYAN 

New  York-based  start-up  As¬ 
pelle  Ltd.  this  week  will  formal¬ 
ly  launch  a  software  package 
aimed  at  letting  remote  work¬ 
ers  securely  access  all  of  their 
companies’  Web  or  host-based 
applications  from  anywhere, 
using  just  a  browser. 

Called  Aspelle  Everywhere, 
the  software  was  originally  de¬ 
veloped  for  internal  use  by  in¬ 
vestment  banking  firm  Dresd- 
ner  Kleinwort  Wasserstein  with 


help  from  Microsoft  Corp.  New 
York-based  Dresdner  decided 
to  spin  the  technology  off  into 
a  commercial  product  and  As¬ 
pelle  now  operates  as  an  inde¬ 
pendent  company. 

What  separates  the  technol¬ 
ogy  from  others  in  its  category 
is  its  ease  of  implementation 
and  the  wide  range  of  applica¬ 
tions  and  services  that  can  be 
remotely  accessed  with  it,  said 
Simon  Johnson,  vice  president 
of  technology  at  Aspelle. 

Remote  users  who  want  ac¬ 
cess  to  enterprise  applications 
simply  log  on  to  a  portal  site. 
They’re  authenticated  there  and 
then  passed  on  to  another  Web 
page,  where  they  are  presented 


with  the  applications  they’re 
authorized  to  use. 

Other  vendors,  such  as  Neo- 
teris  Inc.  in  Mountain  View, 
Calif.,  and  Tarantella  Inc.  in 
Santa  Cruz,  Calif.,  offer  vary¬ 
ing  degrees  of  the  same  capa¬ 
bility,  but  few  have  designed 
their  products  from  the  ground 
up  to  provide  both  secure  ac¬ 
cess  and  remote  connectivity, 
said  Sally  Hudson,  an  analyst 
at  IDC  in  Framingham,  Mass. 

Aspelle  Everywhere  uses 
Windows  Terminal  Services 
and  Citrix  Systems  Inc.’s 
MetaFrame  software  to  pro¬ 
vide  remote  access  to  Win¬ 
dows  applications.  Unix  appli¬ 
cations  are  presented  to  the 
user  via  Seattle-based  WRQ_ 
Inc.’s  Reflection  or  software 
from  Fort  Lauderdale,  Fla.- 
based  Citrix.  Applications  run¬ 
ning  on  systems  such  as  main¬ 
frames  and  IBM  AS/400s  (now 
called  iSeries  servers)  are  ac¬ 


cessed  using  WRQReflection. 

Aspelle  Everywhere  uses 
128-bit  Secure  Sockets  Layer 
(SSL)  encryption  to  secure  ac¬ 
cess.  It  supports  a  variety  of 
user  authentication  methods, 
including  user  names  and  pass¬ 
words,  X.509-based  digital  cer- 


SNAPSHOT 


Aspelle 

Everywhere 

■  Provides  secure  remote  access 
to  enterprise  applications. 

■  No  client-side  installation  required; 
companies  just  have  to  install  some 
server-side  software. 

■  No  firewall  interference:  All  applica¬ 
tions  remain  behind  the  enterprise's 
firewall,  keeping  only  standard  Inter¬ 
net  access  ports  open. 

■  Supports  industry  standards  such 
as  SSL,  X.509  digital  certificates. 
RSA  SecurlD,  HTTP,  HTTPS.  3270 
and  5250  emulation,  and  VT/Telnet. 


tificates  and  SecurlD  technol¬ 
ogy  from  RSA  Security  Inc.  in 
Bedford,  Mass. 

An  SSL-based  technology  like 
Aspelle’s  “really  fits  the  bill” 
when  it  comes  to  providing 
remote  access  to  corporate 
e-mail  applications  and  for 
file-sharing  purposes,  said  Jeff 
Philips,  an  analyst  at  Tele- 
Choice  Inc.  in  Tulsa,  Okla. 

Unlike  virtual  private  net¬ 
works  (VPN)  and  other  IPsec- 
based  remote  access  tools  that 
tie  users  to  specific  machines, 
the  SSL  approach  used  by  As¬ 
pelle  and  Neoteris  provides 
more  flexibility,  he  said. 

“But  it  is  unlikely  that  a  com¬ 
pany’s  finance  department  will 
send  information  back  and 
forth  regarding  its  end-of-year 
numbers  over  SSL,”  Philips 
said.  For  that,  it  would  likely 
rely  on  something  like  a  VPN, 
which  provides  more  robust 
security,  he  added.  > 


COMPUTERWORLD  July  22, 2002 


NEWS 


Intel,  IBM  Push  for 
Public  Wireless  LAN 

Plans  for  nationwide  Wi-Fi  network 

being  developed  with  cellular  carriers 


BY  BOB  BREWIN 

NTEL  CORP.  AND  IBM  are 
using  their  technology 
and  investment  muscles 
to  push  the  development 
of  a  nationwide  public- 
access  wireless  LAN. 

According  to  reports  last 
week,  Intel,  IBM  and  three  of 
the  nation’s  largest  cellular 
carriers  have  begun  discus¬ 
sions  to  form  a  separate  com¬ 
pany  that  would  provide  na¬ 
tionwide  high-speed  wireless 
data  services  based  on  the 
802.11b,  or  Wi-Fi,  wireless  LAN 
standard.  The  effort  is  called 
Project  Rainbow. 

Laura  Anderson,  a  spokes¬ 
woman  for  Intel  Capital,  Intel’s 
investment  arm,  declined  to 
comment  directly  on  Project 
Rainbow  but  said  that  the  com¬ 
pany  views  the  development  of 
a  nationwide  public-access 
wireless  LAN  “as  an  interest¬ 


ing  area.”  She  added  that  Intel 
Capital  is  considering  invest¬ 
ments  in  “a  couple  of  compa¬ 
nies  that  can  put  wireless 
LANs  together  to  make  them 
into  a  wireless  WAN.” 

IBM,  which  also  declined  to 
comment  on  Project  Rainbow, 
already  offers  a  product  it  calls 
the  Everywhere  Wireless  Gate¬ 
way,  which  lets  users  roam  from 
cellular  to  wireless  LANs.  Ana¬ 
lysts  said  this  is  an  essential  ar¬ 
chitectural  element  for  any 
cellular  company  considering 
a  move  into  wireless  LANs. 

The  cellular  carriers  said  to 
be  involved  in  the  Project 
Rainbow  talks  include  AT&T 
Wireless  Services  Inc.  in  Red¬ 
mond,  Wash.,  Cingular  Wire¬ 
less  in  Atlanta  and  Verizon 
Wireless  in  Bedminster,  N.J. 
All  three  declined  to  comment. 

But  Mark  Siegel,  an  AT&T 
spokesman,  said  Wi-Fi  is 


viewed  “as  a  complementary 
technology  for  us,  and  we  are 
looking  to  see  where  it  fits  in.” 

Craig  Mathias,  an  analyst  at 
Farpoint  Group  in  Ashland, 
Mass.,  said  he  has  no  doubt 
that  one  or  more  cellular  carri¬ 
ers  will  launch  nationwide 
public-access  wireless  LANs. 
“We  could  have  as  many  as  five 
networks,”  he  said. 


Dennis  Eaton,  chairman  of 
the  Wireless  Ethernet  Compat¬ 
ibility  Alliance,  an  industry 
trade  group  in  Mountain  View, 
Calf.,  said  that  large,  well- 
heeled  players  are  needed  to 
fully  develop  the  pubic-access 
wireless  LAN  market. 

“Right  now,  coverage  is  sort 
of  spotty,”  Eaton  said,  adding 
that  the  problem  could  be  re¬ 
solved  by  a  nationwide  net¬ 
work  backed  by  cellular  carri¬ 
ers  and  equipment  manufac¬ 
turers.  Any  such  network 
would  take  at  least  two  years  to 
develop  and  deploy,  he  added. 

Intel  Capital  has  already 


made  investments  in  six  wire¬ 
less  LAN  start-up  companies, 
Anderson  said,  and  it  intends 
to  continue  making  invest¬ 
ments  in  emerging  wireless 
technologies.  Two  of  the  com¬ 
panies,  STSN  Inc.  in  Salt  Lake 
City  and  iPass  Inc.  in  Redwood 
Shores,  Calif.,  are  focused  on 
the  public-access  wireless 
LAN  market,  Anderson  said. 

IPass  provides  global,  re¬ 
mote  access  to  enterprises  and 
currently  offers  its  users  ac¬ 
cess  to  120,000  dial-up  and  ho¬ 
tel  room  Ethernet  connections 
and  400  wireless  LAN  “hot 
spots”  worldwide,  according  to 
spokesman  John  Sidline. 

When  asked  about  Project 
Rainbow,  Jon  Russo,  vice  presi¬ 
dent  for  marketing  at  iPass, 
said  he  expects  “larger  compa¬ 
nies  to  join  a  market  currently 
dominated  by  smaller  start¬ 
ups,  which  are  currently  dri¬ 
ving  growth  in  this  industry.” 

Christian  Gunning,  a  spokes¬ 
man  for  Boingo  Wireless  Inc. 
in  Santa  Monica,  Calif.,  which 
offers  public-access  wireless 
LAN  service  in  a  few  areas, 
said  his  company  welcomes 
Project  Rainbow. 

“We  think  the  concept  is 
great,”  Gunning  said.  “Any  sign 
that  large  companies  are  taking 
an  active  interest  in  Wi-Fi  is 
good  for  the  industry.”  I 


AT  A  GLANCE 


Intel  Capital’s 
Wireless  Bets 

BLUESOCKET INC. 
www.bluesocket.com 

Burlington,  Mass. 

■  Wireless  gateways 


INTERLINK  NETWORKS  INC. 
www.interlinknetworks.com 

Ann  Arbor,  Mich. 

■  Wireless  LAN  access  authentica¬ 
tion  and  authorization  software 


IPASS  INC. 

www.ipass.com/main.php 

Redwood  Shores,  Calif. 

■  Has  16,000  dial-up  and  104,000 
hotel  room  Ethernet  connections,  plus 
400  wireless  LAN  Points  of  Presence 


NOMADIX  INC. 
www.nomadix.com 

Westlake  Village,  Calif. 

■  Network  configuration  software 
and  subscriber/user  gateways 


STSN  INC. 

www.stsn.com/index.html 

Salt  Lake  City 

■  Broadband  access  for  hotels 


TRANSAT  TECHNOLOGIES  INC. 
www.transat-tech.com 

Southlake,  Texas 
■  Network  authentication  and 
billing  software 


Microsoft  Plans  Foray  Into 
Home  WLAN  Device  Market 


Move  could  create 
security  problems 
for  corporate  IT 

BY  BOB  BREWIN 

Microsoft  Corp.’s  plan  to  enter 
the  consumer  wireless  LAN 
market  in  the  fall  bodes  ill  for 
IT  managers  concerned  with 
securing  and  managing  their 
network  access  points,  ana¬ 
lysts  said  last  week. 

According  to  Craig  Mathias, 
■  ilyst  at  Farpoint  Group  in 
i. !  lass.,  Microsoft’s  ar¬ 
rive.  L  v  ill  only  add  fuel  to  an  ex- 
plo  lmg  market.  IDC  in  Fram¬ 


ingham,  Mass.,  has  predicted 
that  the  installed  base  of  wire¬ 
less  LAN  cards  will  reach  100 
million  units  by  2004. 

But  widespread  growth  of 
the  home  and  public-access 
wireless  LAN  markets  will 
only  mean  headaches  for  IT 
managers,  who  will  likely  en¬ 
counter  more  unauthorized 
and  insecure  access  points  set 
up  without  their  knowledge  by 
employees,  said  Chris  Kozup, 
an  analyst  at  Meta  Group  Inc. 
in  Stamford,  Conn.  In  addition, 
he  said  users  will  have  to 
scramble  to  integrate  home 
and  road  wireless  LAN  use 
with  corporate  networks. 


Microsoft  posted  some  ini¬ 
tial  information  about  its  home 
wireless  LAN  hardware  on  its 
Web  site  this  month  but  de¬ 
clined  to  provide  more  details 
until  it  introduces  the 
products.  But  Computerworld 
has  learned  that  the  company 
plans  to  build  the  devices 
around  chip  sets  manufactured 
by  Intersil  Corp.,  in  Irvine, 


Microsoft  Home 
WLAN  Hardware 

■  Microsoft’s  WLAN  products  use 
the  802.11b  chip  set  from  Intersil 
and  hardware  manufactured  by 
Accton  Technology. 

■  The  company’s  WLAN  access 
point/router,  PC  card  and  USB 
adapter  have  been  certified  to 
meet  Wi-Fi  standards. 


Calif.,  with  Microsoft-branded 
hardware  built  by  Accton  Tech¬ 
nology  Corp.  in  Singapore. 

A  short  list  of  the  Microsoft 
products  that  have  already 
gained  Wi-Fi  certification  has 
been  posted  on  the  Web  site 
operated  by  the  Wireless  Eth¬ 
ernet  Compatibility  Alliance,  a 
nonprofit  trade  association  in 
Mountain  View,  Calif.  The  site 
shows  that  Microsoft  has  al¬ 
ready  obtained  certification 
for  a  home  networking  access 
point/router,  a  home  network¬ 
ing  PC  card  and  a  home  net¬ 
working  Universal  Serial  Bus 
(USB)  adapter. 

Sources  familiar  with  the 
project  who  declined  to  be 
named  confirmed  Microsoft’s 
plans.  John  Allen,  an  Intersil 
spokesman,  referred  questions 
about  the  deal  to  Microsoft. 

The  decision  marks  a  shift 
from  Microsoft’s  long-standing 


relationship  with  Intel  Corp., 
which  has  developed  the  chips 
that  power  Microsoft’s  desktop 
and  server  software. 

“This  could  be  huge  for  In¬ 
tersil,”  said  Weston  Henderek, 
an  analyst  at  ARS  Inc.  in  La  Jol¬ 
la,  Calif. 

Wireless  LAN  products  op¬ 
erating  under  the  Wi-Fi,  or 
802.11b,  standard  provide  11M 
bit/sec.  connectivity;  those  op¬ 
erating  under  the  802.11a  stan¬ 
dard  offer  transmission  rates 
of  54M  bit/sec.  Microsoft  said 
it  plans  to  sell  products  based 
on  802.11b,  but  Intersil  and  Ac¬ 
cton  also  offer  802.11a  prod¬ 
ucts,  providing  an  easy  future 
migration  path  for  Microsoft.  ► 


PLAYING  IT  SAFE 

Read  about  new  security  tools  that  beef  up 
companies’  wireless  LAN  protection. 

QuickLink:  31504 
computerworld.com 


Features 

BEA 

Oracle 

Model  Web  Services  sf 

Develop  EJB  for  Building  Web  Services 

4* 

i  * 

1  * 

Develop  JSP  &  Servlets  for  Building  Web  Services 

»  a 

»  a 
e  * 

«  * 

Debug  Remote  Web  Services 

**  % 

%  s 
a  ^ 

Profile  Web  Services  Performance 

#■'*  *  a 

1  s 

s  #• 

✓ 

Optimize  Web  Services  Code 

«  **• 

*■  * 

%  s 

a  „  * 

«r 

Validate  XML  for  Web  Services 

@  a 
*  i 

a  v 

v  m 

✓ 

Support  Web  Services  Team  Development 

*  a 
*  a 

l  < 

*  *  * 

✓ 

Deploy  Web  Services  to: 

WebLogic  Only 

Any  J2EE  Server 

Oracle  is  #1  in  Web  Services 


Copyright  ©  2002  Oracle  Corporation.  All  rights  reserved.  Oracle  is  a  registered  trademark  of  Oracle  Corporation. 
Other  names  may  be  trademarks  of  their  respective  owners. 


oracie.com/ad 
or  call  1.800.633.1072 


10 


Microsoft's  Income, 
Revenue  Up  in  Q4 

Microsoft  Corp.  reported  net  income 
of  $1.53  billion  for  its  fourth  quarter 
ended  June  30,  up  from  the  year- 
earlier  total  of  $65  million.  Both 
figures  were  reduced  by  charges 
related  to  investment  losses,  which 
totaled  $617  million  in  the  just- 
finished  quarter  and  $2.6  billion  a 
year  ago.  Microsoft  said  Q4  revenue 
was  $7.25  billion,  up  10%  from 
$6.58  billion  a  year  ago.  Analysts 
attributed  the  growth  to  purchases 
made  to  meet  a  July  31  licensing 
deadline  [QuickLink:  30803]. 


Sun  Ekes  Out  Profit; 
Others  Still  Struggling 

Sun  Microsystems  Inc.  narrowly 
returned  to  the  black  in  its  fourth 
quarter  ended  June  30,  reporting 
a  $28  million  profit  despite  a  13% 
drop  in  revenue  to  $3.4  billion.  But 
IBM,  SAP  AG,  EMC  Corp.,  Intel 
Corp.,  PeopleSoft  Inc.  and  Siebel 
Systems  Inc.  all  reported  lower  re¬ 
sults  year-over-year  for  the  latest 
quarter.  Details  can  be  found  on  our 
Web  site  [QuickLink:  a1150], 

EMC,  HP  to  Share 
Storage  Interfaces 

EMC  and  Hewlett-Packard  Co.  said 
they’re  expanding  a  deal  under  which 
the  storage  rivals  will  cross-license 
some  of  their  application  program¬ 
ming  interfaces.  The  agreement 
paves  the  way  for  Hopkinton,  Mass.- 
based  EMC  and  HP  to  develop  stor¬ 
age  management  applications  that 
can  control  each  other’s  devices. 


Short  Takes 

Hi1  fired  or  suspended  about  150 
employees  in  the  U.K.  for  violating 
its  e-mail  system  usage  policy. . . . 

CORP.  in  Sunnyvale, 

Calif.,  lecommended  that  share¬ 
holders  who  own  25%  of  its  stock 
itije' :  the  latest  buyout  bid  by  ma¬ 
jority  owner  NETWORK  ASSOU¬ 
AN  in  Santa  Clara,  Calif. 


NEWS 

Homeland  Security 
CIO  Digs  Into  Strategy 


Says  ‘huge  change-management  initiative ’ 
will  be  necessary  for  IT  to  help  the  cause 


BY  DAN  VERTON 

WASHINGTON 

he  bush  adminis¬ 
tration’s  CIO  for 
homeland  security 
initiatives  laid  out 
last  week  what  he 
described  as  an  integrated  IT 
plan  designed  to  improve  areas 
such  as  information-sharing, 
data  management  and  privacy. 

“If  we  focus  only  on  the 
technology,  we’re  going  to  be 
in  trouble,”  said  Steve  Cooper, 
senior  director  for  information 
integration  and  CIO  for  the 
Office  of  Homeland  Security 
in  Washington. 

And  Cooper  should  know. 
Formerly  CIO  at  Corning  Inc. 
in  Corning,  N.Y.,  Cooper  held  a 
number  of  senior-level  IT 
management  positions  before 
joining  the  Bush  administra¬ 
tion  in  March.  He  also  previ¬ 
ously  worked  as  director  of  IT 
at  Eli  Lilly  and  Co.  in  Indi¬ 
anapolis  and  held  senior-level 
technical  positions  at  Comput¬ 
er  Sciences  Corp.  in  El  Segun- 
do,  Calif.,  and  CACI  Interna¬ 
tional  Inc.  in  Arlington,  Va. 

Big  Consolidation 

“Unless  there  is  an  overall 
charter  and  a  business  strategy 
. . .  the  resulting  IT  enablement 
won’t  link  beyond  the  organiza¬ 
tional  boundaries,”  said  Coop¬ 
er,  referring  to  the  22  federal 
agencies  that  would  be  consoli¬ 
dated  under  President  Bush’s 
proposal  to  create  a  cabinet- 
level  Department  of  Homeland 
Security.  “What  we’re  really 
trying  to  do  is  a  huge  change- 
management  initiative.” 

Cooper  is  steering  what  has 
been  described  as  one  of  the 
biggest  initiatives  of  its  kind, 
using  what  he  called  “five  guid¬ 
ing  principles.”  Those  princi¬ 
ples  include  a  focus  on  privacy, 
integration  of  the  private  sec¬ 


tor  and  state  and  local  govern¬ 
ments,  data  capture  and  reuse, 
the  establishment  of  databases 
of  record,  and  the  leveraging  of 
work  that’s  already  under  way 
to  create  a  single  federal  enter¬ 
prise  architecture. 

Howard  Schmidt,  vice  chair¬ 
man  of  the  President’s  Critical 
Infrastructure  Protection  Board 
and  formerly  chief  security  of¬ 
ficer  at  Microsoft  Corp.,  credit¬ 
ed  Cooper  and  his  colleagues 
with  establishing  an  “entrepre¬ 
neurial  mind-set”  within  the 
new  office.  Schmidt,  who’s 
working  with  the  private  sector 
to  meet  a  September  deadline 
for  releasing  the  national  cyber¬ 
security  portion  of  the  presi¬ 
dent’s  homeland  security  plan, 


Will  take  ‘extremely 
long  time/  despite 
aggressive  effort 


BY  PATRICK  THIBODEAU 

WASHINGTON 

The  FBI  is  moving  aggressively 
to  replace  an  antiquated  com¬ 
puter  system  that  uses  green 
screens,  but  it  will  still  take 
two  years  to  complete  the  proj¬ 
ect,  a  bureau  official  told  a  Sen¬ 
ate  committee  last  week. 

The  two-year  estimate  is  bet¬ 
ter  than  the  original  timeline, 
which  put  the  completion  date 
at  three  years  from  now.  But 
June  2004  is  still  too  long  to 
wait,  said  Sen.  Charles  Schumer 
(D-N.Y.),  chairman  of  the  Sen¬ 
ate  Judiciary  Committee’s  Sub¬ 
committee  on  Administrative 


also  said  that  more  research 
and  development  are  needed 
on  issues  related  to  IT  security. 

Cooper  agreed,  adding  that 
the  federal  government  will 
need  to  weigh  in  on  research 
and  development  and  on  pilot 
projects  that  the  private  sector 
and  state  and  local  govern¬ 
ments  can’t  afford  to  get  off  the 
ground.  “In  a  lot  of  key  areas, 
we  need  to  provide  a  lead  role, 
which  translates  to  Yes,  there 
needs  to  be  initial  funding,’  ” 
he  said. 

Many  of  the  independent  pi¬ 
lot  projects  in  homeland  secu¬ 
rity  will  eventually  fall  under 
the  Homeland  Security  De¬ 
partment,  said  Cooper.  Those, 
such  as  the  ones  now  under 
way  at  airports  and  seaports 
around  the  country,  will  be 
added  to  the  list  of  projects  be¬ 
ing  planned  by  Cooper’s  office, 
he  said. 


Oversight  and  the  Courts. 

“Given  that  this  should  be 
one  of  the  highest  priorities 
that  America  has,  it’s  still  going 
to  take  us  a  couple  of  years,” 
said  Schumer.  “It  seems  like  an 
awfully  long  time,  given  how 
important  this  is.” 

Starting  Points 

Sherry  Higgins,  who  was  ap¬ 
pointed  in  March  to  head  the 
FBI’s  IT  upgrade  initiative, 
called  Trilogy,  agreed  that  it 
was  an  “extremely  long  time” 
but  said,  “The  right  solution 
takes  a  longer  time  than  to  just 
get  a  solution.” 

The  FBI  was  nonetheless 
working  to  get  some  upgrades 
completed  quickly,  including 
one  to  improve  the  ability  of 
agents  to  search  databases.  The 
FBI  system’s  search  engine 


FBI  Expects  Two-Year  Wait 
To  Replace  Old  Computers 


COMPUTERWORLD  July  22, 2002 


Planned  Federal 
Pilot  Projects 

1.  CONSOLIDATE  criminal 

and  terrorist  watch  lists. 

#**•«*»#*-»*»  *»«*•****•••**-*  * 

2.  CREATE  a  homeland  security 
portal  to  focus  on  the  protection 
of  critical  infrastructure. 

*»»#■»  #■.*  #»#»  «s.»  »  »*•«*#»  <#*»».*  * 

3.  ESTABLISH  a  coalition  of  law 
enforcement  agencies  to  share 
information.  Ten  states,  led  by 
the  Florida  Department  of  Law 
Enforcement,  will  collaborate  with 
federal  agencies  on  data  mining 
and  information-sharing. 

Some  of  these  so-called 
pathfinder  projects,  which  will 
be  designed  to  run  for  three  to 
six  months,  will  focus  on 
emerging  technologies  and 
may  also  be  initiated  and  man¬ 
aged  by  state  and  local  govern¬ 
ments  with  the  direct  assis¬ 
tance  of  the  White  House’s 
homeland  security  office,  said 
Cooper.  “Our  leadership  role  is 
ensuring  that  pilot  projects 
cross  organizational  bound¬ 
aries,”  he  said.  P 


can’t  handle  complex  searches 
with  multiple  words. 

One  obstacle  to  a  speedy  im¬ 
plementation  is  a  lack  of  doc¬ 
umentation  for  existing  sys¬ 
tems,  Higgins  said. 

The  FBI’s  effort  would  also 
link  all  of  its  major  criminal 
databases,  and  Higgins,  a  for¬ 
mer  senior  IT  executive  at 
Lucent  Technologies  Inc.  in 
Murray  Hill,  N.J.,  said  talks  are 
under  way  with  other  federal 
agencies  to  ensure  that  the  sys¬ 
tems  architecture  will  facili¬ 
tate  interoperability. 

Schumer  also  called  for  a  pri¬ 
vate-sector  advisory  board, 
comparing  it  to  the  type  of 
oversight  now  sought  for  audi¬ 
tors.  “It’s  good  for  the  accoun¬ 
tants  to  have  somebody  else 
looking  over  their  shoulders, 
giving  advice,”  he  said.  Higgins 
said  she  “totally  supports”  that 
idea,  as  does  the  FBI  director. 

The  FBI  is  receiving  about 
$507  million  for  IT  in  this  fiscal 
year,  an  increase  of  127%  from 
the  previous  year’s  budget  of 
$223  million.  P 


:ome  tl 

ie 

mid 

ran 

9 

e  serv< 

. 

by 

be 

ina 

"so 

n 

M 

ihme 

WL .  . 

■L  .  - _ '  v. 

3  , 

31 

m 

1  1 

HP's  ultra-reliable  rp7410  and  rp8400  midrange 
UNIX®  servers. 

HP  midrange  servers,  running  the  industry-leading  HP-UX 
Operating  Environment,  are  the  dependable  choice  for  your 
computing  needs.  They  are  a  powerful  consolidation  solution, 
and  with  the  lowest  total  cost  of  ownership  in  the  midrange 
server  space,  you'll  significantly  reduce  costs  in  hardware, 
management  and  administration.  And  since  the  rp7410  and 
rp8400  are  in  the  market  for  the  long  haul,  and  are  the  only 
midrange  servers  available  today  that  can  upgrade  to  the 
future  Intel®  Itanium'  Processor  Family,  they  are  truly  the 
servers  of  the  future. 

[  Find  out  why  HP  has  been  the  market  share  leader 
since  1997.  Visit  www.hp.com/large/midrange  and 
request  your  free  HP  Midrange  UNIX  Server  white 
papers  now.  ] 


invent 


Midrange  UNIX  server  market  share  leader  according  to  International  Data  Corporation  (IDC)'s  Quarterly  Server  Tracker,  Q4CY2001,  published  March  8,  2002.  IDC  uses  price  points  to  differentiate  servers  into  entry-level  (which  is  up  to  $  100,000),  mid-range  (wf 
is  $  1 00  000  -  $  1  million)  and  high-end  (which  is  $  1  million  and  above).  Intel  and  Itanium  are  registered  trademarks  of  the  Intel  Corporation  or  its  subsidiaries  in  the  United  States  and  other  countries.  UNIX  is  a  registered  trademark  of  Tfie  Open  Group.  Offer  good  ■ 
in  the  U.S.  ©2002  Hewlett-Packard  Company.  All  rights  reserved. 


COMPUTERWORLD  July  22, 2002 


Public  Health  IT 
Needs  $1B  in  Funding 


Experts  call  emergency  funding  of  $109M 
a  down  payment ,  say  long  effort  required 


BY  BOB  BREWIN 

ven  though  Con¬ 
gress  pumped  an  ex¬ 
tra  $109  million  into 
the  public  health  IT 
infrastructure  in  this 
year’s  federal  budget,  the  na¬ 
tion’s  state  and  local  public 
health  departments  need  at 
least  10  times  that  to  meet  an¬ 
ticipated  demands. 

It  will  take  at  least  $1  bil¬ 
lion  in  funding  over  15  years  to 
deploy  networks  and  informa¬ 
tion  systems  designed  to  coor¬ 
dinate  responses  to  a  bio¬ 
terrorism  attack  or  major  epi¬ 
demic,  according  to  federal 
and  state  public  health  officials. 

The  Centers  for  Disease 
Control  and  Prevention  (CDC) 
in  Atlanta  expects  to  use  the 
emergency  funding  within  the 


next  year  to  connect  state  and 
local  public  departments  serv¬ 
ing  90%  of  the  population  to 
the  nationwide  CDC-managed 
Health  Alert  Network  (HAN). 

That  will  be  an  improvement 
from  March  2001,  when  the 
CDC  put  out  a  report  that  com¬ 
pared  the  U.S.’s  public  health 
IT  infrastructure  to  a  “pony  ex¬ 
press  system”  that  relied  on  pa¬ 


per  reports  and  phone  calls  in 
an  Internet  world.  When  the 
report  was  released,  only  about 
half  of  the  country’s  59  state 
and  territorial  health  depart¬ 
ments  and  6,000  local  health 
boards  had  full-time  Internet 
connectivity,  and  another  20% 
lacked  e-mail. 

Dr.  Ed  Baker,  an  assistant 
surgeon  general  in  the  U.S. 
Public  Health  Service  who 
manages  the  CDC’s  Public 
Health  Practice  Office,  called 
the  $109  million  in  supplemen¬ 
tal  funding  a  modest  invest¬ 


ment  in  the  public  health  IT 
infrastructure,  whose  capital 
costs  he  estimated  at  $1  billion 
plus  “ongoing  costs  for  main¬ 
taining  and  improving  it.” 

Dr.  Georges  Benjamin,  sec¬ 
retary  of  the  Maryland  Depart¬ 
ment  of  Health  and  Mental  Hy¬ 
giene,  considers  the  emer¬ 
gency  funding  a  down  pay¬ 
ment.  “This  is  just  the  first 
wave  of  funding.  It’s  going  to 
take  a  long  and  sustained  effort 
to  make  it  work,”  he  said. 

Benjamin,  who  also  serves  as 
president  of  the  Association  of 
State  and  Territorial  Health  Of¬ 
ficials  (ASHTO)  in  Washing¬ 
ton,  said  it  “will  take  15  years  to 
put  these  [public  health  IT] 
systems  in  place.” 

The  population-based  distri¬ 
bution  of  the  IT  infrastructure 
funds  by  the  CDC  works  to  the 
detriment  of  rural  states  such 
as  Iowa.  Dr.  Patricia  Quinlisk, 
Iowa’s  epidemiologist,  said  she 
is  still  using  the  postal  system 
to  send  lab  reports.  But,  she 
added,  the  new  funding  will 
provide  Iowa  with  “desperate¬ 
ly  needed  resources”  for  IT  in¬ 
frastructure. 

Baker  emphasized  that  HAN 
is  far  more  than  a  computer 
network:  It’s  designed  to  de¬ 


liver  critical  information  to 
public  health  care  profession¬ 
als  to  help  battle  everything 
from  food  poisoning  to  anthrax 
attacks.  Computer-based  train¬ 
ing  and  video  to  the  desktop  are 
essential  to  this  effort,  he  said. 

Data  on  the  Fly 

HAN  funding  is  also  used  to 
deploy  graphical  systems  that 
present  information  in  ways 
that  can  be  quickly  grasped  by 
harried  doctors  in  the  midst 
of  a  crisis,  according  to  Elana 
Knudsen-Buresh,  senior  direc¬ 
tor  of  public  health  infrastruc¬ 
ture  policy  at  ASHTO. 

Benjamin  said  such  tools 
will  help  boost  the  capabilities 
of  public  health  departments, 
which  have  struggled  with  in¬ 
adequate  systems  for  years. 
However,  in  order  to  ensure 
that  agencies  get  the  systems 
they  need,  Congress  must  keep 
the  funds  flowing,  he  said. 

Last  October’s  anthrax  at¬ 
tacks  highlighted  the  impor¬ 
tance  of  public  health  agencies 
and  their  need  for  advanced 
technology.  But  Benjamin  said 
he’s  worried  the  funding  could 
disappear  once  again,  “because 
we  are  a  nation  with  a  very 
short  memory.”  I 


Health  Alert  Network  Facts  and  Figures 

$109  million  was  added  to  the  CDC’s  IT  budget  for  HAN,  as  well  as  for 
computer  and  information  systems.  The  agency  also  included  $34  million 
in  its  regular  budget  for  HAN. 

HAN  within  months  will  provide  high-speed  Internet  connections  to 
state  and  local  public  health  departments  serving  90%  of  the  population. 

HAN  will  also  provide  e-mail  and  online  training  services,  including 
distance-learning  systems  that  use  desktop  video. 


Telecommuting  Seen  as 
Possible  Boon  to  Economy 


Commerce  Dept.,  IT 
firms  push  adoption 

BY  PATRICK  THIBODEAU 

WASHINSTON 

In  an  effort  to  improve  slug¬ 
gish  broadband  adoption  na¬ 
tionally,  high-tech  firms  want 
companies  to  let  workers  tele¬ 
work  or  telecommute  as  a 
way  to  improve  productivity, 
reduce  costs  and  encourage 
baby  boomer  employees  near¬ 
ing  retirement  to  remain  in  the 
workforce. 

The  initiative  has  the  back¬ 
ing  of  the  Department  of  Com¬ 
merce,  which  views  broadband 
usage  as  an  integral  part  of  U.S. 
economic  development. 


“Broadband  deployment  and 
usage  will  define  the  global 
winners  and  losers  in  the  21st 
century,”  said  Bruce  Mehlman, 
an  assistant  secretary  at  the 
Commerce  Department.  Tele¬ 
commuting  “is  really  the  killer 
app  right  now  that’s  out  there 
for  home  broadband  use.” 

Although  broadband  reach¬ 
es  some  90%  of  the  U.S.  popu¬ 
lation,  only  about  12%  of  house¬ 
holds  utilize  it.  Encouraging 
telework  could  help  other  in¬ 
dustries  delivering  broadband 
services,  such  as  videoconfer¬ 
encing  and  leisure-time  con¬ 
tent,  say  advocates. 

Harris  Miller,  president  of 
the  Information  Technology 
Association  of  America  (ITAA) 
in  Arlington,  Va.,  said  telework 


“will  cause  a  major  bump”  in 
the  number  of  broadband  users. 

Mehlman  attended  a  news 
conference  last  week  to  dis¬ 
cuss  the  benefits  of  telework 
with  officials  from  the  ITAA 
and  several  leading  high-tech 
firms,  including  AT&T  Corp., 
Corning  Inc.,  Siemens  Infor¬ 
mation  and  Communication 
Networks  Inc.  and  American 
Management  Systems  Inc. 

Braden  Allenby,  a  vice  pres¬ 
ident  at  AT&T,  said  telecom¬ 
muting  policies  have  saved  his 
company  $25  million  in  real  es¬ 
tate  costs.  “We  just  sold  our 
corporate  headquarters  —  we 
don’t  need  it  anymore,”  he  said. 

AT&T  also  estimates  work¬ 
force  productivity  gains  of 
about  $65  million,  primarily 
the  result  of  time  saved  by 
employees  not  having  to  drive 
to  work.  A  survey  of  AT&T 
workers  in  the  Washington 
area  found  that  about  800,  or 
60%,  of  the  company’s  1,400 
managers  work  from  home  at 


least  occasionally.  Those  em¬ 
ployees  split  the  time  they  gain 
by  not  having  to  drive  into 
work  between  work  and  per¬ 
sonal  activities,  said  Allenby. 

“Teleworkers  are  very  enthu¬ 
siastic  about  teleworking,  and 
so  are  their  families,”  said  Al¬ 
lenby,  adding  that  82%  said 
telecommuting  helps  them  bet¬ 
ter  balance  work  and  family. 

Retention  is  also  critical,  es¬ 
pecially  as  baby  boomers  begin 
retiring,  he  added.  Telecom¬ 
muting  lets  older  employees 
work  on  their  terms  and  may 
keep  them  on  the  job,  he  said. 

John  Jay,  broadband  market 
manager  at  Corning  in  Corn¬ 
ing,  N.Y.,  said  telecommuters’ 
better  quality  of  life  “enhances 
our  recruiting  position.” 

A  national  survey  of  1,000 
registered  voters  released  last 
week  (see  chart)  found  that 
20%  spent  30  to  60  minutes  per 
day  commuting,  7%  spent  from 
60  to  90  minutes,  and  10% 
spent  more  than  90  minutes.  > 


A  survey  of 1,000  registered 
voters  found  respondents 
split  in  their  attitudes 
toward  telecommuting: 

If  you  had  a  choice  of  higher 
salary  or  an  option  to  tele¬ 
commute,  which  would  you 
likely  take? 

Higher  salary  47% 


Telecommuting 

36% 

Depends  on  salary  amount  7% 

Don’t  know 

10% 

o 

o 

CM 

Would  telecommuting  improve 

< 

> 

work  quality,  productivity?* 

< 

cl 

Agree 

46% 

z 

< 

X 

Disagree 

39% 

_J 

< 

CL 

Don’t  know 

14% 

o 

CL 

0 

Would  telecommuting  make 

o 

you  a  better  parent  or  spouse? 

CO 

z 

Yes 

43% 

UJ 

I 

No 

46% 

u 

Don't  know 

11% 

D 

O 

'Figures  rounded 

(0 


FAQ 


Frequently  asked  question  /  abbrev:  FAQ 

It's  the  question  we  hear  most  frequently:  how  can  you  leverage  your  investment  in  existing  infrastructure  but 
not  miss  out  on  the  benefits  of  new  technology?  Answer:  The  Sprint  network  boasts  seamless  interoperability 
between  IP,  frame  relay  and  ATM  platforms  —  just  what  you  need  to  help  take  advantage  of  current  systems 
while  migrating  to  new  technology. 

Anytime  to  virtually  anywhere  connectivity 

We're  the  only  telecommunications  provider  that  supports  both  nationwide  wireless  and  wireline  access  to 
your  critical  data  applications.  We  can  help  you  integrate  wireline  IP  services  with  the  latest  wireless  always-on, 
real-time  mobile  data  solutions.  The  result?  Try  higher  productivity  with  access  to  your  data  anytime  you 
need  it  —  in  the  office  or  on  the  road. 

"Any  to  any"  connectivity 

We've  also  engineered  a  network  solution  that  marries  the  "any  to  any"  connectivity  of  IP  to  the  reliability  and 
security  of  frame  relay.  It's  called  Internet  Protocol  Intelligent  Frame  Relay  (let's  just  call  it  IPiFR),  and  it's  based 
on  a  flexible  router  architecture  that  can  run  over  multiple  backbone  technologies  —  a  domestic  industry  first. 
What  this  can  give  you  is  VPN  services  that  (1)  provide  meshed  connectivity  (2)  without  multiple  PVCs  (3)  while 
maintaining  predictable  scalability.  In  other  words:  you  can  add  locations  and  new  applications  without  replacing 
your  existing  infrastructure  or  adding  significant  costs. 

Get  more  from  existing  technology  and  get  ready  for  the  latest  —  another  sign  of  an  intelligent  network  and  the 
people  who  make  it  work  (for  you). 


For  more  answers,  visit  our  complete  library  of  downloadable  white  papers 

at  sprint.com/whitepapers/13  or  call  1-877-604-1844. 


Copyright  ©  Sprint  2002  All  rights  reserved 


COMPUTERWORLD  July  22, 2002 


SIA  Drops  Next-Day 
Settlement  Deadline 


Securities  industry 
group  to  focus  on 
system  automation 

BY  LUCAS  MEARIAN 

IN  a  move  that  takes  some 
pressure  off  IT  managers 
responsible  for  the  sys¬ 
tems  that  process  stock 
trades,  the  Securities 
Industry  Association’s  (SIA) 
board  last  week  voted  unani¬ 
mously  to  rescind  a  mid-2005 
deadline  for  moving  to  next- 
day  settlement  of  trades. 

Instead,  the  New  York-based 
SIA  said  it  will  now  focus  on  a 
less  grandiose  program  aimed 
at  pushing  financial  services 
firms  to  automate  their  trading 
systems  for  straight-through 
processing  applications  that 
directly  connect  back-end  sys¬ 
tems  at  different  companies. 

Straight-through  processing 
requires  companies  to  make 
internal  systems  changes  in  or¬ 
der  to  automate  end-to-end 
processing  of  stock  trades.  It 
also  involves  hooking  systems 
into  external  trade-matching 
engines,  such  as  the  rival  ver¬ 
sions  operated  by  the  Global 
Straight  Through  Processing 
Association  in  Zurich  and  Om- 
geo  LLC  in  Boston.  Both  use 
mainframes  and  XML-based 
messaging  to  match  Buy  and 
Sell  orders. 

But  converting  to  “trade  plus 
one  day”  settlements,  or  T+l, 
would  be  even  more  complex. 
Securities  firms  would  have  to 
set  up  new  business  rules  and 
real-time  or  near  real-time 
processing  engines  to  reduce 
the  standard  for  settling  trades 
from  three  days  to  one. 

Analysts  estimated  that 
switching  to  T+l  could  cost  the 
financial  services  industry 
S8  billion  in  IT  and  business 
process  costs.  The  business 
case  for  T+l  came  under  ques¬ 
tion  in  the  wake  of  Sept.  11  and 
the  ongoing  economic  slump. 

In  November,  the  SIA  post¬ 
poned  the  target  date  for  the 


launch  of  T+l  from  2004  to 
June  2005  [QuickLink:  24736]. 
Last  week’s  vote  removes  the 
T+l  onus  for  at  least  the  next 
two  years.  “What  we’ve  done  is 
removed  [the  T+l]  goal  and  re¬ 
placed  it  with  a  set  of  straight- 
through  processing 
goals,”  said  Donald 
Kittell,  the  SIA’s  ex¬ 
ecutive  vice  presi¬ 
dent,  during  a  con¬ 
ference  call.  Next- 
day  trade  settle-  ~  ~ 

ments  will  be  re-evaluated  by 
the  SIA  in  2004,  he  added. 

“In  this  economy,  this  is  a 
better  move  instead  of  making 


WALL  STREET  HUB 

System  automates  securities 
lending  and  borrowing. 

O  QuickLink:  31480 
www.computerworld.com 


it  another  Y2k  Armageddon,” 
said  Shaw  Lively,  an  analyst  at 
IDC  in  Framingham,  Mass. 

Another  thorny  issue  facing 
T+l  is  the  involvement  of  for¬ 
eign  exchanges,  which  would 
narrow  the  window  for  settling 

-  trades  even  further 

because  of  time  dif¬ 
ferences.  For  exam¬ 
ple,  IT  consulting 
firm  Accenture  Ltd. 
this  month  won  a 
contract  to  help  de¬ 
sign  a  combined  straight- 
through  processing  and  T+l 
plan  with  the  Japanese  Securi¬ 
ties  Dealers  Association,  the 


SIA’s  equivalent  in  that  coun¬ 
try.  But  the  problem  is  that 
Japan  is  12  hours  ahead  of  the 
U.S.,  said  Pat  Tsien,  a  manag¬ 
ing  partner  at  Accenture. 

The  U.S.  Securities  and  Ex¬ 
change  Commission  said  in 
May  that  it  was  considering 
mandating  a  move  to  T+l  and 
would  release  a  plan  for  public 
comment  by  September  [Quick¬ 
Link:  30002].  However,  Kittell 
said,  “the  sum  of  those  com¬ 
ments,  I  would  suggest,  will 
not  be  a  strong  consensus.” 

The  SIA  has  for  the  past 
three  years  pushed  for  both 
straight-through  processing 
and  T+l  under  a  single  pro¬ 
gram.  Kittell  said  its  subcom¬ 
mittees  will  set  new  target 
dates  for  industrywide  adop¬ 
tion  of  straight-through  pro¬ 
cessing  after  the  SIA’s  confer¬ 
ence  in  October,  t 


Users  Keep  Faith  as  i2  Plans  Layoffs,  Other  Cuts 


Supply  chain  software  vendor  seeks 

turnaround  after  ninth  straight  loss 


BY  MARC  L.  SONGINI 

Looking  to  bolster  its  sagging 
revenue  and  stop  a  string  of 
quarterly  losses,  i2  Technolo¬ 
gies  Inc.  is  embarking  on  a  ma¬ 
jor  revamp  of  its  supply  chain 
management  software  and  cor¬ 
porate  structure. 

Dallas-based  i2  last  week  an¬ 
nounced  plans  to  slash  its  an¬ 
nual  operating  costs  by  about 
30%  through  moves  such  as 
closing  facilities  and  laying  off 
up  to  1,400  of  its  4,800  employ¬ 
ees.  12  also  said  it  will  move 
more  of  its  development  work 
to  India,  reduce  the  number  of 
systems  it  supports  and  prune 
some  of  the  less  central  com¬ 
ponents  of  its  product  line. 

The  cost-cutting  initiative 
follows  a  net  loss  of  $757.4  mil¬ 
lion  on  revenue  of  $119.6  mil¬ 
lion  during  the  second  quarter 
(see  box).  Sanjiv  Sidhu,  i2’s 
chairman  and  CEO,  said  in  a 
statement  that  the  company  is 
“intensely  focused”  on  becom¬ 
ing  profitable  and  hopes  to  get 
operating  expenses  in  line 
with  revenue  by  year’s  end. 

However,  some  analysts  said 


they  have  reservations  about 
the  future  for  i2  and  its  users. 

Karen  Peterson,  an  analyst 
at  Gartner  Inc.  in  Stamford, 
Conn.,  said  the  layoffs  may 
pose  a  risk  to  i2’s  customer  sat¬ 
isfaction  levels,  especially  with 
users  who  are  installing  its 


The  Skid  Continues 


I2’S  PROBLEMS 
■The  $757.4  million  net  loss  for 
the  second  quarter  was  the  com¬ 
pany’s  ninth  straight  quarterly 
deficit. 

■  Revenue  for  the  second  quarter 
dropped  52%  from  last  year’s  fig¬ 
ure,  with  software  sales  plummet¬ 
ing  from  $106  million  to  $26  mil¬ 
lion -a  75%  decline. 

12’S  PLAN 

■  Cost-cutting  actions  will  include 
cuts  of  about  30%  of  the  compa¬ 
ny’s  operating  expenses  and  the 
closing  of  some  facilities. 

■  More  development  work  is  be¬ 
ing  shifted  to  India,  and  the  num¬ 
ber  of  hardware/software  plat¬ 
forms  i2  supports  will  be  reduced. 


software  now.  “What  could 
happen  is  that  those  customers 
in  active  implementations 
could  be  hit  with  consulting 
turnover,”  she  said. 

‘High-Risk  Time’ 

Meanwhile,  the  supply  chain 
applications  sold  by  enterprise 
resource  planning  software 
vendors  such  as  SAP  AG  and 
Oracle  Corp.  are  good  enough 
for  many  companies,  Peterson 
said.  To  counter  that,  she 
added,  i2  needs  to  better  inte¬ 
grate  its  applications  so  they 
can  interoperate  without  cod¬ 
ing  by  users.  “This  is  a  high- 
risk  time  for  i2,”  Peterson  said. 

An  i2  spokeswoman  said  the 
company  offers  tool  kits  to 
help  users  integrate  its  prod¬ 
ucts.  But  i2  is  also  doing  in- 
house  integration  work,  and 
Chief  Marketing  Officer  Janet 
Eden-Harris  said  that  one  of 
i2’s  goals  is  to  more  tightly 
connect  its  planning  and  fore¬ 
casting  applications  to  its  sup¬ 
ply  chain  execution  software. 

Despite  the  rough  times, 
users  expressed  continued 
faith  in  i2.  Sandie  Foster,  a  di¬ 
rector  of  the  Atlanta-based  i2 
User  Group  and  marketing 
manager  at  IT  services  Firm 
SBI  and  Co.  in  Salt  Lake  City, 


Go  Right  Through 

Key  facets  of  the  SIA’s 
straight-through  proces¬ 
sing  program  include 
the  following: 

Improving  the  timeliness 

and  accuracy  of  trade  matching 
with  institutional  transaction  pro¬ 
cessing  capabilities 

Using  electronic  trading 

certificates  to  reduce  the  need  for 
paper  stock  certificates  and  forms 
of  payment  such  as  checks 

Automating  the  processing 

and  reporting  of  corporate  finan¬ 
cial  actions  such  as  stock  splits 
and  recapitalizations 

Automating  the  securities 

lending  business,  which  supports 
traders  who  are  involved  in  the 
short-selling  of  stocks 


said  she  has  “every  confidence 
in  i2”  in  light  of  the  restructur¬ 
ing  and  management  changes. 

Foster  cited  the  return  of  co¬ 
founder  Sidhu  as  i2’s  CEO  and 
the  promotion  of  Sam  Nakane 
to  chief  operating  officer  in 
April  as  positive  steps  for  the 
company.  Sidhu  had  given  up 
the  CEO  job  last  year,  though 
he  remained  as  i2’s  chairman. 

The  quality  of  i2’s  support 
slid  when  the  company  ex¬ 
panded  into  new  technology 
areas,  said  Ellen  Martin,  vice 
president  of  supply  chain  in¬ 
formation  systems  at  VF  Corp., 
an  apparel  maker  in  Greens¬ 
boro,  N.C.  But  Sidhu’s  focus 
“always  was  customer  service,” 
she  added.  “They  took  a  side 
street  when  he  gave  up  the 
CEO  position.  I  think  they’re 
now  on  the  main  road  again.” 

VF,  which  makes  products 
such  as  Wrangler  and  Lee 
jeans,  runs  i2’s  supply  chain 
and  factory  planning  applica¬ 
tions  and  plans  to  install  its  de¬ 
mand  fulfillment  tool.  Martin 
said  she  approves  of  i2’s  turn¬ 
around  plan  but  wants  to  see 
the  vendor  deliver  on  its 
promises.  ► 


TIME  FOR  A  CHANGE 

For  more  details  on  the  product  changes 
planned  by  i2,  visit  our  Web  site: 


O  QuickLink:  31473 

www.computerworld.com 


Cable  &  Wireless- 

Host  financially 
stable  operator 
in  class.”  B3 


CoMMi  sit  vn»:i\4\n  K 


Most  financially 
stable  operator 
in  class 


TCtECOM  TOP  100 
SURVEY  1001 


When  it  comes  to  Internet  services  for  your 
business,  the  financial  stability  of  your  provider  is 
vital.  Cable  &  Wireless  is  ranked  the  “Most  financially  stable  operator  in  class”  by  CommunicationsWeek 
International.  Our  wholly  owned,  tier  1  global  IP  backbone  spans  six  continents  and  50  countries.  We  offer  a  full 
suite  of  Internet  services  -  from  dedicated  access  to  a  flexible  portfolio  of  managed  hosting  solutions.  With  a 
balance  sheet  that  says  we’ll  be  here  tomorrow,  were  setting  the  standards  for  reliability,  performance  and 
service.  Find  out  more  at  www.cw.com/reliable  or  call  1-866-598-0799.  It’s  a  solid  investment. 


Reliability  extends  far  beyond  the  network 


CABLE  &  WIRELESS 

Delivering  the  Internet  promise  ™ 


®2002  Cable  and  Wireless  Internet  Services.  Inc.  All  rights  reserved.  All  other  trademarks  are  the  property  of  their  respective  owners. 


r 


COMPUTERWORLD  July  22, 2002 


16 


NEWS 


Microsoft  Renews  Its  Partner  Commitment 


Aims  to  soothe  the 
‘uproar’  over  its 
consulting  moves 

BY  CAROL  SLIWA 

LOS  ANSELES 

Microsoft  Corp.  took  advan¬ 
tage  of  an  opportunity  at  its  Fu¬ 
sion  2002  conference  here  last 
week  to  announce  a  $500  mil¬ 
lion  investment  in  its  partner 
community  and  to  assure  its 
partners  of  their  importance  in 
its  long-term  success. 

That  point  needed  to  be  em¬ 
phasized  perhaps  more  than 
usual  at  this  year’s  partner 
event,  since  many  of  Micro¬ 
soft’s  partners  had  gotten 
rather  prickly  just  over  a  year 
ago  after  the  company  outlined 
a  serious  push  into  the  consult¬ 
ing  services  space. 

During  his  closing  keynote 
address,  Microsoft  CEO  Steve 
Ballmer  acknowledged  the 
“troublesome”  change  that  his 
company  had  subjected  its 
partners  to  during  the  past  12 
months. 

“We’ve  learned  a  lot  about 
how  to  focus  —  or  not  focus  — 
our  consulting  force  in  the  last 
year,”  Ballmer  told  conference 
attendees.  “Our  strategy’s  nev¬ 
er  changed  in  what  we’re  try¬ 
ing  to  do  in  consulting. 

“But  it  sure  looked  that  way 
in  the  early  part  of  the  year,”  he 
said,  “because  we  managed  to 
get  a  misalignment  between 
our  incentives  and  our  re¬ 
sources  and  our  strategy  in  the 
marketplace  that  caused  our 
consultants  to  look  sometimes 
less  like  a  friend  and  more  like 
a  foe  than  we  ever  would  have 
intended  them  to.” 

Microsoft  brought  in  32-year 
IBM  veteran  Mike  Sinneck  in 
January  to  head  its  services  di¬ 
vision,  and  Sinneck  wasted  no 
time  in  addressing  the  situa¬ 
tion  that,  as  he  put  it,  had  got¬ 
ten  partners  into  “an  uproar 
and  sort  of  a  fever  pitch.” 

MORE  TiS  ISSUE 

Computer  Associates  is  also  making  plans 
to  entrance  its  partner  program.  To  learn 
more,  turn  to  page  20. 


“We  were  competing  with 
partners,”  Sinneck  told  Com- 
puterworld.  “Being  a  prime 
contractor  [on  consulting  proj¬ 
ects],  thinking  about  making 
profit  in  the  services  business 
created  all  the  wrong  behav¬ 
iors.”  So  he  said  he  worked  to 
“put  it  back  the  way  it  was.” 
Sinneck  directed  his  field  force 
not  to  be  the  prime  contractor, 
even  though  he  recognized 
that  there  might  be  exceptions 
with  some  large  customers 
that  insist  on  it.  Microsoft  in¬ 
stead  would  “fit”  its  resources 
underneath,  he  said. 

To  the  outside  world,  Mi- 


Continued  from  page  1 

Licensing 

Several  users  said  Microsoft 
should  include  support  with  an 
Enterprise  Agreement  and  the 
new  Software  Assurance  main¬ 
tenance  program,  which  enti¬ 
tles  Select  and  Open  license 
holders  to  current  versions  of 
Microsoft  products  for  an  an¬ 
nual  fee  of  25%  of  the  volume 
license  fee  for  server  products 
and  29%  for  desktop  products. 

“If  you’re  going  to  spend  the 
bucks  to  bring  an  Enterprise 
Agreement  in-house,  they 
ought  to  include  it  in  there,” 
said  Jill  Taylor,  senior  manager 
of  workgroup  engineering  at 
The  Home  Depot  Inc.  in  At¬ 
lanta.  Home  Depot  signed  an 
Enterprise  Agreement,  Micro¬ 
soft’s  most  comprehensive  and 
expensive  volume  license  op¬ 
tion,  in  March. 

Bill  Lewkowski,  CIO  at  Met¬ 
ropolitan  Hospital  and  Metro 
Health  in  Grand  Rapids,  Mich., 
said  software  upgrades  and 
support  should  be  bundled  for 
a  flat  fee  based  on  the  percent¬ 
age  of  the  product’s  cost,  but 
he  added  that  Microsoft’s 
charges  are  “out  of  line.” 

“They  should  take  note  of 
best-practice  application  ven¬ 
dors  that  bundle  software  up¬ 
grades  and  unlimited  support 
for  a  yearly  fee  of  12%  to  18%, ” 
he  said. 


crosoft  Consulting  Services 
(MCS)  had  grown,  in  part,  be¬ 
cause  it  hired  a  large  number 
of  people.  But  MCS  has  since 
reduced  its  head  count  by  140 
people  and  plans  to  keep  it  flat 
“because  we  don’t  want  to 
compete  with  partners,”  Sin¬ 
neck  said. 

Hoping  for  Profits 

Perhaps  that  will  help  the  di¬ 
vision’s  bottom  line,  too.  Even 
though  Microsoft  hoped  for  a 
profit  with  its  consulting  ser¬ 
vices  business,  the  company 
never  actually  saw  one,  ac¬ 
cording  to  Sinneck.  Overall 


Informed  of  customer  com¬ 
plaints,  Microsoft  CEO  Steve 
Ballmer  recently  told  Comput- 
erworld  he  could  lower  the  per¬ 
centages  and  instead  charge 
more  money  for  software  prod¬ 
ucts,  as  other  vendors  do.  That 
point  may  be  valid,  but  some 
customers  remain  convinced 
they’re  being  charged  fees  that 
are  too  high  compared  with 
those  of  competitors. 

“The  company  is  spending 
a  lot  of  effort  right  now  trying 
to  figure  out  what’s  the  right 
approach  as  licensing  evolves,” 
Sinneck  said.  “How  should 
we  package  things  together? 
Should  we  be  integrating  prod¬ 
ucts  and  licensing  and  services 
and  support  together  in  some 
creative  way  that  makes  sense 
to  the  customer?  All  those 
things  are  in  play  and  under 
discussion.  We  don’t  have  the 
final  answer,  but  there’s  an  in¬ 
tense  focus  on  this  at  this  point 
in  time  in  the  company. 

“One  size  doesn’t  fit  all  in 
terms  of  the  approach  you  use 
to  solve  the  problem,”  Sinneck 
said.  “That’s  what  makes  it 
very,  very  complicated.” 

Premier  Support  enhance¬ 
ments  under  consideration  in¬ 
clude  round-the-clock  tele¬ 
phone  support  for  small  to 
midsize  customers  that  don’t 
buy  that  option  now,  preferred 
access  to  incident  support  and 
customized  Web  sites,  he  said. 

Premier  Support  programs 
will  be  piloted  this  summer 


service  revenue  —  which  also 
includes  Premier  Support  — 
grew  in  double  digits,  but  the 
division  lost  “tens  of  millions 
of  dollars”  worldwide,  he  said. 

“As  a  matter  of  fact,”  Sinneck 
added,  “on  the  bottom  line  of 
the  P&L  [profit  and  loss  state¬ 
ment],  it’s  several  hundred  mil¬ 
lion  dollars’  worth  of  drag.” 

Microsoft  will  now  work  to 
break  even  on  services,  which 
Sinneck  views  as  “a  means  to 
an  end”  — helping  customers 
get  value  from  the  company’s 
products. 

“We  are  not  going  to  build  an 
IBM  Global  Services,”  Sinneck 
asserted.  Microsoft’s  core  com¬ 
petence  lies  in  its  software 
products,  he  said,  “and  that’s  al¬ 
ways  who  we’re  going  to  be.”  I 


and  launched  in  late  fall  or  ear¬ 
ly  next  year,  according  to  Sin¬ 
neck.  Included  will  be  a  new 
offering  that  will  be  delivered 
through  Microsoft’s  channel 
partners,  he  said. 

Microsoft  already  has  gotten 
creative  in  some  negotiations. 
Home  Depot,  for  instance,  said 
it  was  offered  the  option  of 
purchasing  Premier  Support 
by  the  hour  rather  than  by  inci¬ 
dent.  The  hourly  proposition 
was  more  appealing,  since  the 
retailer  had  been  using  only 
about  half  of  the  300  incidents 
that  its  annual  contract  al¬ 
lowed,  Taylor  said. 

Home  Depot  will  now  have 

Microsoft 
Support  Options 

■  Microsoft 
Professional  Support 
TARGET  CUSTOMER:  Small 
and  midsize  businesses 


■  Microsoft  Authorized 
Premier  Support  (MAPS) 
TARGET  CUSTOMER:  Midsize  and 
large  businesses 

■  Microsoft  Premier  Support 
TARGET  CUSTOMER:  Large 
corporations 

MORE  ONLINE:  For  a  detailed  look 
at  Microsoft’s  support  options, 
visit  our  Web  site. 

QuickLink:  a2340 
www.computerworld.com 


Partner  Investment 


Microsoft’s  $500  million, 
two-year  investment  in 
its  partner  community 
includes  the  following: 

HELD  STAFF  INCREASE, 

to  include  partner  account  man¬ 
agers,  technical  specialists  and 
telesales  representatives  to  work 
with  partners  and  customers; 

$4  million  for  training  partner 
account  managers. 


E-LEARNING  CENTER, 

a  Web-based  tool  for  customized 
sales  and  technical  training  via 
online  courses. 


INCREASED  AVAILABILITY 

of  support  for  partners  via  the 
telephone  and  newsgroups. 


400  hours  at  its  disposal  and,  if 
the  contract’s  end  date  creeps 
up  before  the  retailer  has  used 
up  its  time,  Home  Depot  can 
bring  in  an  expert  to  do  on-site 
training  of  internal  support 
staffers,  Taylor  noted.  “We  can 
get  the  full  benefit  of  what  we 
purchased,”  she  said. 

So  far,  however,  that  offering 
is  being  piloted  only  in  the 
U.S.,  according  to  a  Microsoft 
spokesperson. 

Richer  offerings  that  inte¬ 
grate  consulting  and  support 
“life  cycle”  services  are  antici¬ 
pated  for  existing  Premier 
Support  users,  and  new  entry- 
level  options  are  expected  for 
corporate  and  small-business 
customers,  Sinneck  said. 

Sinneck  said  he  expects  a 
stand-alone  purchase  of  sup¬ 
port  to  be  more  expensive  than 
it  is  for  a  customer  who  has  a 
“broad,  deep  annuity  relation¬ 
ship  with  us,”  but  he  doesn’t 
think  any  conclusions  will  be 
reached  until  the  fall  or  early 
next  year. 

Alvin  Park,  an  analyst  at 
Gartner  Inc.,  said  that  if  Mi¬ 
crosoft  bundles  support  with 
maintenance,  it  must  be  care¬ 
ful  that  it  doesn’t  take  away 
from  its  Premier  Support  rev¬ 
enue  stream. 

Yet  most  other  software  ven¬ 
dors,  including  IBM  and  Oracle 
Corp.,  offer  combined  pack¬ 
ages  of  upgrade  rights  and  sup¬ 
port,  “so  there  may  be  pressure 
on  Microsoft,”  Park  noted.  I 


SUM 


^*y;i3sP 


Rebuild 
Redeploy 
Reduce 


fes 


Revise 


«  ;  ?:  .  ■ 


SK 


Reconfigur 


m: 


*  \  "iij 
\  >  jmm 

\  "<Wig£m 


Realize  your  potential. 


ProLiant  BL  e-Class  Servers 
Intel"  Pentium5  III  processors 


You're  a  visionary.  So  leave  the  endless  upgrades,  updates,  and  deployments 
to  someone  else,  while  you  concentrate  on  more  important  issues.  It's  possible 
with  Automated  Systems  Provisioning,  a  capability  of  ProLiant  server 
technologies  with  Intel®  Pentium®  III  and  Intel  Xeon™  processors.  ProLiant 
servers  running  ProLiant  Essentials  Rapid  Deployment  software  allow  you  to 
download  an  OS  or  application  upgrade  to  every  server  in  your  company 
quickly,  effortlessly,  and  even  remotely.  Which  means  deployments  that  used  to 
take  hours  can  be  completed  in  minutes.  Now,  there's  an  idea  with  potential. 


HP  can  help  you  plan,  implement,  and  manage  your  infrastructure  with 
scalable  service  and  support  solutions  for  every  product,  and  every  business. 


Visit  hp.com/go/proliant33  or  call  1.800.282.6672,  option  5, 
and  mention  code  TLY  for  a  white  paper  on  adaptive  infrastructure 
and  a  free  trial  of  ProLiant  Essentials  software* 


pentium®/// 


©2002  Hewlett-Packard  Company  Intel  the  Intel  Inside  Logo,  Xeon,  and  Pentium  are  trademarks  or  registered  trademarks  of  Intel  Corporation  or  its  subsidiaries  in  the  United  States  and  other  countries.  'Workload  Management  Pock  and  Rapid  Deployment  Pack  only 
For  U.S.  customers  only.  20004IT 1/07/02 


_ J 


Mb 


Thisle' 


suability  is  dependent  on  many  factors  outside  of  the  operating  system,  Including  other  hardware  and  software  technologies,  mission-critical  operational  processes,  and  professional  services.  TSource:  Transaction  Processing  Performance  Council,  May  2002, 


Get  your  infrastructure  ready 

for  anything.  You’ve  got  relentless  hackers, 
massive  usage  spikes,  24/7/365  demands,  big  CEO  ' 
requests,  etc.,  etc.,  etc.  What  is  going  on  here? 
This,  of  course,  is  today’s  unpredictable  business 

environment.  In  this  environment,  where _ _ 

can  happen  at  any  moment,  you  need  to  keep  your 
infrastructure  prepared  for  anything  and  everything. 
And  that  is  exactly  what  the  Microsoft'  platform  is 
designed  to  help  you  do.  Here's  how: 

Security:  The  Microsoft  platform  enables  a 
secure  infrastructure  through  built-in  encryption, 
authentication,  and  access  control  that  can  be 
centrally  managed  and  integrated. 

Scalability:  The  Microsoft  platform  scales  to 
handle  your  most  demanding  workloads.  And  it 
has  the  lowest  price-to-performance  ratio  of  any 
competitive  platform/ 


Reliability:  With  the  right  investments  in 
people,  processes,  and  the  technology  of  the 
Microsoft  platform,  along  with  established  best 
practices  and  support  from  Microsoft’s  industry 
partners  (including  fault-tolerant  systems  vendors), 
customers  are  able  to  build  solutions  for  up  to 
99.999%  service  availability* 

In  addition,  the  Microsoft  platform  delivers  the 
interoperability  and  manageability  your  infra¬ 
structure  needs  to  handle  .  For  more 

information  on  howto  prepare  your  infrastructure 
for,  well,  anything,  visit  microsoft.com/enterprise 
Software  for  the  Agile  Business. 


COMPUTERWORLD  July  22, 2002 


Smart  Boxcars  Give 
Rail  Shippers  Control 


New  refrigerator  cars  rely  on  satellites 


BY  BOB  BREWIN 

AND  LINDA  ROSENCRANCE 

UNTIL  ABOUT  18 
months  ago,  ship¬ 
pers  of  perish¬ 
able  products 
that  consigned 
their  loads  to  refrigerated  box¬ 
cars  had  to  act  on  faith  that  a 
shipment  would  make  its  way 
cross  country  at  the  right  tem¬ 
perature  without  the  refrigera¬ 
tion  unit  breaking  down  or 
running  out  of  fuel. 

Sometimes  the  shipper  end¬ 
ed  up  with  a  load  of  rotten  or¬ 
anges,  bad  cheese  or  spoiled 
juice.  But  that’s  changing  as 
railroads  roll  out  new,  “smart” 
refrigerator  cars  —  or  reefers, 
as  they’re  called  —  that  use 
satellite  communications  to  let 
shippers  monitor  and  control 
car  temperatures  from  a  secure 
Web  site.  The  technology  also 
allows  them  to  pinpoint  a  car’s 
location  to  within  a  few  feet. 

Dave  Fleenor,  assistant  vice 
president  of  perishable  mar¬ 
keting  at  Burlington  Northern 
Santa  Fe  Corp.  (BNSF),  said 
the  railroad  uses  a  satellite 
control  system  from  StarTrak 
LLC  in  Morris  Plains,  N.J.  The 
system  lets  Fort  Worth,  Texas- 
based  BNSF  change  the  tem¬ 
perature  setting  of  each  refrig¬ 
erated  unit,  diagnose  problems 
and  control  what’s  going  on  in¬ 
side  each  car. 

Fresh  Fruit 

Remote  control  means  ship¬ 
pers  may  never  have  to  face  an¬ 
other  load  of  spoiled  perish¬ 
ables  again,  said  Scott  Slifkin, 
president  of  StarTrak.  If  a  re¬ 
frigeration  unit  breaks  down,  a 
microchip  controller  card  alerts 
the  shipper  and  the  railroad, 
which  can  quickly  dispatch  a 
technician  to  fix  the  problem. 

hat’s  important  to  shippers 
such  as  Kraft  Foods  Inc.  in 
Northfieid,  Ill.,  Fleenor  said. 
Kraft  suirted  shipping  cheese 
on  JNSF  before  the  new  refrig¬ 


erated  cars  were  used,  moving 
about  368  carloads  of  cheese 
via  the  railroad  in  five  years. 
Since  the  refrigerated  cars 
came  online  in  August  2001, 
Kraft  has  nearly  doubled  that 
number,  said  BNSF  spokes¬ 
woman  Suann  Lundsberg. 

In  addition  to  the  controller, 
StarTrak  equips  each  reefer 
unit  with  a  Global  Positioning 


System  (GPS)  receiver  that  au¬ 
tomatically  determines  the 
car’s  position  to  within  10  feet. 
In  the  refrigeration  unit  of  each 
car,  StarTrak  installed  a  satel¬ 
lite  communications  transmit¬ 
ter  and  receiver,  which  move 
data  over  the  MSAT  system  op¬ 
erated  by  Mobile  Satellite  Ven¬ 
tures  LP  in  Reston,  Va. 

The  satellite  modem  re¬ 
ceives  data  from  the  receiver 
and  system  monitors  on  the 
cars  and  relays  it  to  a  secure, 


shipper-accessible  Web  site 
operated  by  StarTrak. 

Tropicana  Products  Inc.  in 
Bradenton,  Fla.,  which  ships 
fresh  orange  juice  from  Florida 
to  Northeastern  markets,  is 
retrofitting  all  of  its  reefers 
with  StarTrak  technology,  said 
spokeswoman  Kristine  Nickel. 

“When  the  system  is  fully 
[deployed]  in  the  next  18  to  24 
months,  we  will  have  the  abili¬ 
ty  to  have  the  cars  communi¬ 
cate  with  us  and  let  us  change 
the  temperature  [if  necessary], 
so  a  load  of  juice  won’t  be  dam¬ 
aged,”  she  said 

Bob  Smith,  the  vice  president 
of  transportation  at  Sunkist 
Growers  Inc.  in  Sherman  Oaks, 
Calif.,  said  that  although  the 


Computer  Associates 
Pushes  Partnering  Program 


Plans  include 
online  support , 
advisory  board 

BY  MARC  L.  SONGINI 

Computer  Associates  Interna¬ 
tional  Inc.  continues  to  work 
on  boosting  its  technology 
lineup  and  gaining  a  competi¬ 
tive  edge  through  partnerships. 
To  that  end,  the  company  plans 
to  increase  online  support  for 
technology  partners  by  year’s 
end  and  create  a  partner  advi¬ 
sory  board  next  year. 

Additionally,  the  Islandia, 
N.Y.-based  software  maker  last 
week  detailed  some  of  the  suc¬ 
cess  stories  of  its  year-old  CA 
Smart  Solution  certification 
process. 

The  program  ensures  that 
companies  that  sell  their  hard¬ 
ware  and  software  along  with 
CA  products  are  fully  certified 
for  interoperability  and  have 
adequate  technical  support 
from  CA.  About  half  of  the  ap¬ 
proximately  300  CA  Smart  So¬ 
lution  partners  have  already 
received  the  certification,  and 
CA  hopes  to  get  the  remainder 
on  board  in  the  next  three 
months. 

Holdout  companies,  howev¬ 


er,  are  in  jeopardy  of  losing 
their  partner  status,  according 
to  Stacy  Leader,  vice  president 
of  the  partner  program.  “We 
are  re-evaluating  where  we  are 
and  then  will  be  moving  for¬ 
ward  and  either  decide  to  part¬ 
ner  with  them  or  keep  their 
name  on  file,”  Leader  said. 
“They  will  either  jump  on  the 
train  with  us  or  part  ways.” 

Leader  said  last  year’s  CA 
Smart  Solution  announcement 
represented  a  turnaround  for 
the  company.  At  the  time,  CA 
said  that,  instead  of  acquiring 
other  companies,  it  would  rely 
on  partners  to  fill  gaps  in  its 


Historically, 
partnering  has 
not  exactly  been 
what  you  would 
call  a  core  comp 
tency  [of  CAJ. 


e- 


JAMES  GOVERNOR, 
CONSULTANT,  ILLUMINATA  INC. 

technology  lineup. 

CA  will  continue  to  enhance 
the  program.  The  company 
plans  to  add  more  online  tech¬ 
nical  support  for  partners  and 
create  a  partner  advisory 
board  within  the  next  year. 


CA  Replaces  Four  Board  Members 


CA  said  last  week  that  it  has 
added  four  members  to  its  board 
of  directors  to  replace  four  direc¬ 
tors  who  intend  to  step  down  at 
the  board's  annual  meeting  next 
month.  Among  those  departing  is 
longtime  director  Willem  F.P.  de 
Vogel,  who  was  targeted  for  re¬ 
moval  by  a  shareholder-led  proxy 
campaign  to  revamp  CA’s  board. 

Three  of  the  four  retiring  direc¬ 
tors  are  leaving  because  of  CA’s 
newly  enacted  eight-year  term 
limit  on  the  service  of  outside  di¬ 


rectors,  according  to  the  compa¬ 
ny.  CA  adopted  the  term  limits  in 
May  as  part  of  a  broader  corpo¬ 
rate  governance  overhaul. 

Joining  CA’s  board  are  Vivendi 
Universal  Games  CEO  Kenneth 
Cron,  former  Salomon  Brothers 
Inc.  general  partner  Robert  E.  La 
Blanc,  technology  investor  and 
entrepreneur  Alex  Serge  Vieux 
and  former  CBS  Inc.  Chairman 
and  CEO  Thomas  Wyman. 

-  Stacy  Cowley, 
IDG  News  Service 


AT  A  GLANCE 


Smart  Reefers 

■  Embedded  microchip  controller 
card  monitors  system  status  and 
temperature. 

■  Built-in  GPS  system  tracks 
location  to  within  10  feet. 

■  Satellite  transmitter/receiver  relays 
system  status  to  secure  Web  site. 

■  Web  site  lets  shippers  adjust  reefer 
temperatures  and  track  location. 


StarTrak  system  lets  him  moni¬ 
tor  temperatures,  its  location 
capabilities  are  wanting.  “The 
location  [service]  is  weak,”  he 
said.  “Sometimes  I  don’t  get  an 
update  for  12  to  18  hours.”  > 


CA’s  Smart  Solution  initia¬ 
tive  is  to  some  degree  address¬ 
ing  long-term  weaknesses  in 
CA’s  partnering  strategy,  ac¬ 
cording  to  James  Governor,  an 
analyst  at  Nashua,  N.H.-based 
consultancy  Illuminata  Inc. 

“Historically,  partnering  has 
not  exactly  been  what  you 
would  call  a  core  competency” 
of  CA,  said  Governor.  While 
CA  traditionally  has  been  a  di¬ 
rect  sales  firm,  the  Smart  Solu¬ 
tion  program  “shows  a  system¬ 
atic  attention  to  partnering 
that  CA  has  sometimes 
lacked,”  he  added. 

However,  in  terms  of  chan¬ 
nel  support,  CA’s  competitors 
generally  offer  something  sim¬ 
ilar  for  their  partners,  said 
Governor.  For  example,  Micro¬ 
soft  Corp.  just  announced  a 
$500  million  boost  to  its  chan¬ 
nel  marketing  budget  [see  sto¬ 
ry,  page  16]. 

Among  the  companies  that 
have  bought  products  from 
CA-certified  partners  is  Party 
City  Corp.  in  Rockaway,  N.J. 
Party  City  uses  CA  partner 
G&Z  Systems  Inc.’s  PollView 
data  transportation  manage¬ 
ment  application,  which  ties 
into  the  party  supply  retailer’s 
Unicenter  installation. 

According  to  Richard  Zuck- 
erman,  president  of  Hawthorn, 
N.Y.-based  G&Z,  having  the 
certification,  which  his  compa¬ 
ny  received  last  month,  allows 
customers  to  feel  more  com¬ 
fortable  with  the  idea  of  going 
to  third-party  providers.  I 


To  take  advantage  of  rapidly  evolving  network  services  and  technologies,  it  can  make  good  business  sense 
to  work  with  a  service  provider.  Just  be  sure  to  look  for  the  Cisco  Powered  Network  logo.  Whether  it's  virtual 
private  networks,  managed  security,  managed  Web  hosting,  or  any  number  of  services  that  extend  or  enhance 
your  company's  network,  the  Cisco  Powered  Network  designation  means  peace  of  mind.  You  can  be  confident 
that  your  service  provider  will  deliver  the  highest  standards  of  operational  excellence,  customer  service,  and 
support  -  all  over  an  end-to-end  Cisco  network. To  find  a  provider  that  offers  Cisco  Powered  Network  services 
and  obtain  the  white  paper,  "Strategies  for  Managed  Network  Services,"  visit  cisco.com/go/cpn-services 


r  Find  a  Service  Provider 

White  Papers 

Services 

Case  Studies 

Cisco  Systems 


Empowering  the 
Internet  Generation 


©2002  Cisco  Systems,  Inc.  All  rights  reserved.  Cisco,  the  Cisco  Arrow  logo,  Cisco  Systems,  the  Cisco  Systems  logo,  and  Empowering  the  Internet  Generation  are  registered  trademarks 
or  trademarks  of  Cisco  Systems,  Inc. 


A 


Check  Point  President  Ungerman 
Sees  Light  at  End  of  VPN  Tunnel 


Vendor  waits  out  stifled 
IT  buying  environment 

BY  DON  TENNANT 

Jerry  Ungerman,  president  of  Check 
Point  Software  Technologies  Ltd.  in 
Redwood  City,  Calif.,  earlier  this 
month  spoke  with  Computerworld 
about  how  the  firewall/virtual  private 
network  (VPN)  market  leader  is  faring 
in  the  current  economic  environment, 
and  where  the  company  is  headed 
amid  expectations  of  a  recovery.  Ex¬ 
cerpts  follow. 

What  is  Check  Point’s  relationship 
with  WorldCom?  WorldCom  is 
a  very  big  partner  of  Check 
Point.  They  used  to  carry  mul¬ 
tiple  security  products,  but 
sometime  last  year,  they  decid¬ 
ed  they  were  going  to  standard¬ 
ize  on  one  security  product. 

Right  now,  we  are  the  [sole] 
security  product  that  World¬ 
Com  packages  and  resells,  on  a 
stand-alone  basis  as  well  as  a 
managed  service  offering,  on  a  world¬ 
wide  basis. 

Are  you  concerned  about  WorldCom’s 
financial  problems?  Obviously,  their 
core  business  has  been  impacted  with 
the  telecom  slowdown,  and  they’re 
dealing  with  some  other  issues.  But 
right  now,  we  have  a  very  good  rela¬ 
tionship.  They’re  a  very  good  partner, 
and  they’ve  been  doing  very  well  for  us. 

How  has  the  meltdown  in  the  telecommuni¬ 
cations  sector  affected  you?  It’s  not  had  a 
big  impact  on  us.  The  biggest  impact 
has  been  the  overall  economic  slow¬ 
down  —  the  IT  spending  slowdown,  as 
opposed  to  telecom  specifically. 

Your  first-quarter  results  were  down 
across  the  board  from  the  same  period  a 
year  ago.  I  know  you're  in  a  quiet  period 
until  your  second-quarter  financial  results 
are  released  on  July  22,  but  what  can  you 
say  about  your  financial  outlook  in  general? 
One  of  the  things  that  we  still  see  is 
that  security  is  one  of  the  more  impor¬ 
tant  areas  that  IT  executives  are  fo¬ 
cused  on.  We  still  think  we’re  getting  a 
larger  percent  of  the  spending  —  and 
the  increase  in  spending,  to  the  extent 


that  there  is  any  —  than  other  kinds  of 
technology  products. 

This  year,  we  haven’t  seen  as  much 
of  an  economic  recovery  as  we  expect¬ 
ed,  although  most  of  our  projections 
were  for  recovery  in  the  second  half  of 
the  year,  with  most  of  it  coming  in  the 
fourth  quarter.  We’re  not  there  yet,  so 
we  don’t  know  if  it’s  going  to  happen. 
But  we  do  know  that  people  are  not 
being  allowed  to  buy  as  much  as  they 
need  right  now.  They’re  being  very 
cautious  in  their  spending,  delaying,  to 
some  extent,  some  of  the  full  imple¬ 
mentations  of  projects.  But  we  still 
think  security  is  at  the  top  of  the  list, 
from  a  focus  and  spending  standpoint. 

When  you  announced  that  you 
were  going  to  end  maintenance 
support  for  Version  4.1  of  your  fire¬ 
wall/VPN  product  at  the  end  of  this 
year,  some  of  your  customers  were 
pretty  upset.  Where  does  that 
stand?  The  fact  is,  we’ve  ex¬ 
tended  the  date  for  support  of 
4.1  because  of  that  input,  and 
we  work  with  customers  to 
have  them  upgrade.  We  extend¬ 
ed  it  to  June  30,  2003. 

The  fact  is,  they  get  to  upgrade  for 
free.  We’re  not  forcing  them  into  it  or 
charging  them  for  it,  as  long  as  they’re 
on  subscription,  which  the  vast  majori¬ 
ty  of  the  base  is. 

Do  you  have  any  new-product  develop¬ 
ment  plans  for  the  immediate  future?  We 

see  the  need  for  firewalls  and  VPNs 
continuing  to  grow,  even  in  the  enter¬ 
prise  space.  Most  of  the  VPNs  have 
gone  into  intranet  deployment,  tying  in 
remote  employees  and  offices.  We  see 
there’s  a  big  opportunity  coming,  and 
we’re  going  to  bring  out  a  management 
capability  to  really  make  extranets  a 
reality,  where  companies  start  tying  in 
partners,  customers  and  suppliers  into 
their  networks. 

When  are  we  going  to  see  this?  Before 
the  end  of  the  year.  We’ve  already 
brought  to  market  the  beginnings  of  it, 
the  foundation  for  the  capability.  I 


CHECK  UP  ON  CHECK  POINT 

For  the  full  version  of  our  interview  with  Jerry 
Ungerman,  visit  our  Web  site: 

QuickLink:  31434 
www.computerworld.com 


SOLI  320: 

THE  ULTIMATE  BACKUP 
MACHINE. 


LARGEST  CAPACITY 

320  GB  -  60%  more  than  the  nearest  competitor!* 

HIGHEST  PERFORMANCE 

32  MB/s  -  Up  to  33%  faster!* 

LOWEST  COST  PER  GB 
Up  to  46%  lower!* 

PROTECTS  YOUR  INVESTMENT 

Backward  compatible  to  DLTtape™  IV  media 

IDEAL  FOR  AUTOMATION 

Best  combination  of  storage  density,  performance  and 
durability 

BROADEST  PLATFORM  ACCEPTANCE 

Over  2  million  drives  and  80  million  cartridges  sold 

INDUSTRY-LEADING  ROADMAP 

First  with  a  path  to  over  one  terabyte 
and  100  MB/s* 


See  for  yourself  why  the 

SDLT  320  is  the  highest  performing  drive  on 

the  road  today! 

Go  to  320reasons.com. 


•When  compared  to  LTO  1 ,  AIT  3  and  Mammoth  2  drives.  Where  mentioned,  capacities  and  transfer  rates  a'e  compressed 

©2002  Quantum  Corporation.  All  rights  reserved.  Super  DLTtape  and  DLTtape  are  trademarks  and  the  Super  DLTrapc 

is  a  registered  trademark  of  Quantum  Corporation. 


24 


NEWSOPINION 


COMPUTERWORLD  July  22, 2002 


PATRICIA  KEEFE 


No  More  Blind  Faith 


A  FEW  YEARS  AGO,  my  brother  and  I  co- 
incidently  decided  to  vacation  in  the 
San  Juan  Islands.  He  likes  to  go  first 
class;  I  tend  to  wing  it.  While  he  and 
his  family  stayed  at  four-star  B&Bs,  my 
family  ended  up  in  some  funky  accommodations  off 
the  beaten  path.  Net  result?  They  listened  to  ferry 
announcements  all  night  long  while  we  communed 
with  hummingbirds  inches  away  and  enjoyed  in¬ 


credible  views  of  the  is¬ 
lands.  The  moral?  First 
tier  may  be  the  most  ex¬ 
pensive,  but  it  isn’t  al¬ 
ways  the  best. 

Nor,  as  recent  months 
have  borne  out,  is  it  al¬ 
ways  the  safest.  To  be 
sure,  nobody  runs  around 
anymore  saying  things 
like,  “No  one  ever  got 
fired  for  buying  IBM.” 

But  the  expectation  re¬ 
mains  that  top-tier  com¬ 
panies  are  safe  bets.  That’s  why 
many  WorldCom  customers  can’t 
bring  themselves  to  worry  too  much 
about  the  vendor’s  very  pressing  le¬ 
gal  and  Financial  predicaments.  And 
it’s  why,  despite  the  threat  imposed 
by  endless  antitrust  trials,  Microsoft 
users  have  consistently  said  that  the 
outcome  won’t  affect  their  purchas¬ 
ing  and  technology  plans. 

This  reaction  is  somewhat  under¬ 
standable.  Amid  the  steady  drone  of 
disappointing  earnings  reports  and 
layoffs,  life  has  pretty  much  gone  on 
as  before.  Maybe  you  lost  a  sales  con¬ 
tact  or  some  nice  but  not  necessary 
hand-holding  services,  or  perhaps  a 
minor  product  line  got  the  ax.  Noth¬ 
ing  you  couldn’t  maneuver  around. 

But  today  we’ve  got  some  nasty 
added  twists.  A  stubborn  recession  in 
the  high-tech  sector  is  pushing  some 
suppliers  past  internal  tinkering.  SAP, 
for  example,  will  terminate  some 
third-party  services,  and  Sprint  will 
cut  DSL  operations  to  some  cities. 
And  while  IBM’s  recent  dumping  of 
its  disk  drive  business  may  not  affect 


Patricia  keefe  is  editorial 
director  at  Computer- 
world.  You  can  contact 

her  at  patricia.keefe® 
computerworld.com. 


you  directly,  it  under¬ 
scores  that  even  Big  Blue 
is  carefully  re-evaluating 
its  entire  product  line. 

Adding  to  the  uncer¬ 
tainty  of  the  long-term 
availability  of  products 
and  services  is  the  con¬ 
stant  drumbeat  of  corpo¬ 
rate  “misstated  earnings,” 
those  dubious-to-illegal 
accounting  practices  fu¬ 
eled  by  unbridled  greed 
in  some  corporate  suites. 
It’s  not  just  WorldCom.  Xerox  and 
Qwest  are  also  under  investigation 
for  accounting  missteps.  The  num¬ 
ber  of  scandals  overall  is  such  that 
the  government  and  the  judiciary 
have  actually  been  moved  to  action. 

The  stakes  for  IT  are  suddenly 


higher.  You  need  a  lot  more  in  your 
corner  than  blind  faith  that  someone 
will  buy  the  assets  or  take  over  the 
service  if  your  primary  vendor  goes 
under.  Sure,  someone  may  well  snap 
up  the  cool  technology.  But  the  new 
owners  might  change  it.  They  might 
take  it  in  a  new  direction.  They  might 
package  it  differently.  They  might 
charge  more  for  it  and  support  it  less. 

So  you  need  to  prepare.  Keep  a 
sharp  eye  on  the  balance  sheet  of 
your  strategic  vendors.  Start  asking 
questions  and  formulating  contin¬ 
gency  plans.  Work  your  assumptions 
and  expectations  about  continued 
service  into  legally  binding  docu¬ 
ments.  Scout  backup  providers  for 
critical  products  and  services. 

After  all,  if  vendor  executives  have 
inflated  their  companies’  earnings 
and  lied  to  or  misled  their  auditors, 
shareholders  and  the  SEC,  can  you 
seriously  rely  on  their  words  of  as¬ 
surance?  When  times  are  good,  the 
customer  is  always  right.  But  when 
the  chips  are  down  and  the  creditors 
or  jailers  are  at  the  door,  you  can  bet 
your  last  angry  user  that  the  cus¬ 
tomer  is  at  the  bottom  of  the  list. 

The  only  one  who  can  ensure  and  in¬ 
sure  the  services  you  provide  your 
company  is  you,  and  you  can  take 
that  to  the  bank.  I 


PIMM  FOX 

Use  VPNs  for 
Security  and 
Transparency 

PRESIDENT  BUSH  speaks 
about  the  need  for  fi¬ 
nancial  transparency: 
the  ability  to  figure  out  what’s 

going  on  inside  a  business.  But  the 
only  way  this  will  happen  is  for  top  ex¬ 
ecutives  to  create  and  use  IT  infra¬ 
structure  to  get  vital  data  when  it’s 
needed,  rather  than  after  regulators 
and  investors  have  been  duped. 

Using  IT  for  a  clear  picture  of  busi¬ 
ness  operations  isn’t  new,  but  it  has  ac¬ 
quired  increased  urgency,  for  practical 
reasons  in  addition  to  legal  ones. 

Last  year, 
when  William  S. 

Sciortino  joined 
Classic  Resi¬ 
dence  by  Hyatt 
(the  senior-liv¬ 
ing  affiliate  of 
Chicago-based 
Hyatt  Corp.),  the 
company  was 
chasing  a  scat¬ 
tered  paper  trail 
that  often  meant 
financial  state¬ 
ments  didn’t  get 
closed  for  60  days.  The  company’s  15 
luxury  living  facilities  weren’t  con¬ 
nected  to  a  network  (they  were  using 
dial-up  connections),  had  no  file-shar¬ 
ing  and  relied  on  faxes,  telephone  calls 
and  e-mail  attachments  of  information 
such  as  Excel  spreadsheets. 

“It  was  like  running  16  different  data¬ 
bases,  and  we  were  manually  consoli¬ 
dating  information  at  our  headquar¬ 
ters,”  says  Sciortino. 

It  took  10  days  for  a  typical  facility  to 
develop  a  financial  statement  that  in¬ 
cluded  occupancy  rates,  rent  collected, 
food  service  costs  and  personnel 
changes.  Bigger  facilities  took  13  days 
to  compile  information.  It  took  until 
the  17th  day  for  corporate  accountants 
to  get  a  real  financial  summary.  Com¬ 
piling  the  results  from  all  locations 
sometimes  took  as  long  as  60  days. 

Sciortino  wanted  to  lay  down  an  IT 
infrastructure  and  put  ERP  on  top  of  it. 
The  goal  was  to  streamline  the  finan- 

For  more  columnists  and  links  to  archives  of  previous 
columns,  go  to 

Q  computerworld.com/columns 


YES!  Please  enter  my  subscription  to  Computerworld  -  I’ll  pay  just  $68.00* 
for  51  weekly  issues.  That’s  a  savings  of  over  73%  off  the  single  copy  price. 


FIRST  NAME  Ml  LAST  NAME 


TITLE 


COMPANY 


E-MAIL  ADDRESS 


ADDRESS 


CITY  STATE  ZIP 

*U.S.  Only.  Canada  $110,  Mexico,  Central/South  America  $250,  Europe  $295,  all  other  countries  $295.  Foreign  orders  must 
be  prepaid  in  U.S.  dollars.  Address  Shown:  □  Home  □  Business  □  New  □  Renew  Single  copy  price:  $5.00/issue 

COMPUTERWORLD 

THE  NEWSPAPER  FOR  IT  LEADERS 


COMPUTERWORLD 

PO  BOX  512 
MT  MORRIS  IL  61054-7572 


l.ll 


ml 


1 1 1 1 1 1 1 1 1 1  ii 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 


NEWSOPINION 


cial  process  and  give  what  he  calls 
transparency  to  operations.  “I  want  the 
executive  chefs  to  know  what  the  food 
cost  is  every  day,  every  week,”  said 
Sciortino.  “And  I  don’t  want  them  to 
have  to  sit  at  the  terminal  waiting  for 
this  information.” 

Sciortino’s  IT  choice  was  a  VPN  us¬ 
ing  appliances  from  Nokia  Corp.  pre¬ 
configured  with  Check  Point  Software 
Technologies’  security  software.  “We 
went  the  appliance  route  because  we 
are  concerned  about  security,  and  dial¬ 
up  isn’t  reliable  enough,”  said  Sciorti¬ 
no.  He  also  didn’t  want  to  load  a  bunch 
of  Windows  NT  servers  with  Check 
Point  software  that  would  require  IT 
personnel  at  each  site  to  administer. 

Now  Sciortino  drops  a  team  of  con¬ 
sultants  into  a  new  location  —  the 
senior-living  market  is  booming  —  and 
users  are  up  and  running  in  three  to 
five  days.  “We’re  able  to  save  time  get¬ 
ting  financial  information  to  people 
who  need  it,”  says  Sciortino,  who  be¬ 
lieves  the  system  will  be  instrumental 
in  quickly  integrating  new  facility  ac¬ 
quisitions. 

Now,  if  only  we  had  something  as 
tangible  to  produce  transparency  and 
simplicity  for  the  president’s  effort  to 
curb  corporate  excess.  > 

PAUL  DONNELLY 

H-IB  Is  Just 
Another 
Gov’t.  Subsidy 

Despite  big  layoffs 

among  IT  workers  and 
post-Sept.  11  concerns 

over  the  immigration  system, 
advocates  of  H-IB  visas  aren’t  going 
away.  Indeed,  IT  employers  are  lying 
low,  hoping  to  quietly  persuade  Con¬ 
gress  next  year  to  permanently  raise 
the  annual  H-IB  visa  limit  above 
65,000.  And  why  not?  Like  most  politi¬ 
cally  connected  industries,  IT  employ¬ 
ers  have  friends  in  Washington  who 
are  arguing  to  expand  what  is  in  truth  a 
government  subsidy. 

Take  the  Cato  Institute,  supposedly  a 
small-government,  antiregulation,  free- 
market  advocate,  which  for  10  years  has 
opposed  deregulating  employment- 
based  immigration.  Buying  green  cards 
for  new  hires  is  a  “tax,”  it  argues,  so 
Cato  wants  a  permanent,  massive,  over¬ 
regulated  subsidy  instead. 

Meanwhile,  IT  employers  explain 


that  H-IB  holders  are  a  “mi¬ 
nor  league,”  in  ITAA  Presi¬ 
dent  Harris  Miller’s  words 
—  a  try-before-you-buy  ap¬ 
proach,  like  Major  League 
Baseball’s  farm  teams.  But 
Nobel  economist  Milton 
Friedman  scoffs  at  the  idea 
of  the  government  stocking 
a  farm  system  for  the  likes 
of  Microsoft  and  Intel. 

“There  is  no  doubt,”  he  says, 

“that  the  [H-IB]  program  is 
a  benefit  to  their  employers, 
enabling  them  to  get  work¬ 
ers  at  a  lower  wage,  and  to  that  extent, 
it  is  a  subsidy.” 

From  free-market  thinker  Friedman, 
those  are  devastating  words.  The  H-IB 
program  is  a  subsidy  that  distorts  the 
job  market  for  IT  talent.  (But  watch  for 
hilarious  letters  from  libertarians  ex¬ 
plaining  how  Friedman,  a  contributor 
to  Free  Minds  and  Free  Markets,  doesn’t 
know  a  free  lunch  when  he  sees  one.) 


Two  years  ago,  I  partici¬ 
pated  in  a  National  Acade¬ 
my  of  Sciences  hearing 
about  IT  workforce  needs. 
After  the  ostensible  liber¬ 
tarian  in  the  room,  former 
Cato  economist  Steve 
Moore,  laid  out  his  case  for 
permanently  recruiting  for¬ 
eign  talent,  the  panel’s 
economist  called  his  bluff: 
“So,  there  is  no  argument 
for  a  temporary  visa,  then?” 
Moore  did  a  double  take 
before  stammering,  “Well, 
this  is  one  of  those  wink-and-a-nod 
programs.  Everybody  expects  most  of 
these  workers  to  stay.” 

When  the  government  supplies  non- 
U.S.  workers  to  an  industry,  that’s  a 
subsidy.  When  those  workers  accept 
minor-league  wages,  that’s  a  big  sub¬ 
sidy.  When  those  outsiders  want  a  ben¬ 
efit  that  can  be  supplied  only  by  the 
government,  like  a  green  card,  even 


regulations  intended  to  protect  U.S. 
workers  can  skew  the  labor  market 
against  citizens.  American  workers 
won’t  support  a  minor  league  that  runs 
against  their  interests,  and  winks  and 
nods  don’t  fool  them. 

Meanwhile,  unions  and  IT  profes¬ 
sionals  risk  getting  suckered  (again) 
into  supporting  irrelevant  training  pro¬ 
grams  as  a  trade-off  for  H-lBs.  But  the 
more  that’s  loaded  onto  the  H-IB  ap¬ 
proach,  the  bigger  the  subsidy  gets. 

Let’s  face  it:  IT  lobbyists  ill  serve  the 
industry  by  perpetuating  the  failed  reg¬ 
ulations  of  the  H-IB  and  green-card 
programs,  which  could  be  replaced 
with  a  market  system  that  would  deliv¬ 
er  green  cards  as  fast  as  they’re  paid 
for.  But  laying  off  thousands  of  U.S.  citi¬ 
zens  and  green-card  holders  while  re¬ 
taining  “temporary”  foreign  workers 
adds  fuel  to  a  growing  anger.  So  call  the 
H-IB  visa  what  it  is:  a  subsidy  that  runs 
counter  to  the  real  interests  of  both  IT 
workers  and  free-market  thinkers.  I 


READERS’  LETTERS 


let’s  Focus  on  Bugs 

The  finding  by  the 
National  Institute  of 
Standards  and  Tech¬ 
nology  that  software  bugs 
cost  nearly  $60  billion  annu¬ 
ally  and  that  those  costs 
could  be  reduced  by  $22.5 
billion  via  the  application  of 
consistent  improvements  in 
software  testing  processes 
shows  that  it’s  time  to  adjust 
our  priorities  [QuickLink: 
30997].  With  money  tight, 
building  ways  to  recover  at 
least  part  of  that  amount  is 
more  important  than  contin¬ 
uing  to  rush  more  features 
into  production.  Unfortu¬ 
nately,  I  don’t  see  that  hap¬ 
pening.  I  instead  see  some 
large  software  vendors  con¬ 
tinuing  to  promote  self- 
serving  legislation  like  UCI- 
TA,  which  would  shift  even 
more  of  that  $60  billion  onto 
the  backs  of  consumers. 

Users  should  not  only 
stress  improvements  in  their 
own  testing  practices,  but 
also  send  a  clear  message  to 
vendors  about  the  unaccept¬ 
ability  of  shoddy  or  buggy 
products.  To  help  facilitate 
building  stronger  quality 
protections  into  their  ven¬ 
dor  agreements,  users 


should  work  hard  to  send 
onerous  attempts  at  cost- 
shifting  like  UCITA  back  to 
the  drawing  board. 

Bruce  Barnes 
President,  Bold  Vision  LLC 
Dublin,  Ohio 

I’M  NOT  an  application  de¬ 
veloper,  but  as  the  owner 
of  a  small  technology 
consulting  firm,  I  read  the 
article  “Users  Losing  Bil¬ 
lions  Due  to  Bugs”  with 
great  interest.  There’s  much 
to  be  said  for  eliminating 
bugs  from  software,  and  I 
applaud  the  developers  who 
strive  to  make  that  happen. 
However,  in  my  career,  I 
have  seen  many  things  at¬ 
tributed  to  buggy  software 
that  simply  are  not  bugs: 
poorly  trained  users  at¬ 
tempting  to  force  an  applica¬ 
tion  to  do  something  it  was 
not  designed  to  do;  organiza¬ 
tions  unwilling  to  pony  up 
the  dollars  it  takes  to  proper¬ 
ly  install  and  configure 
large-scale  applications  or 
even  operating  systems; 
companies  ignoring  manu¬ 
facturers’  recommendations 
for  installation  and  configu¬ 
ration.  These  situations  lead 
to  users  who  are  unhappy 
with  the  way  applications 


work;  hence,  it’s  a  bug. 
Steven  J.  Kopischke 

Owner  and  chief  consultant 
Ichthys  LLC 
Green  Bay,  Wis. 


Stick  With  ECC  Memory 

N  your  article  “Xserve 
Grabs  the  Spotlight” 
[QuickLink:  30624],  you 
quote  people  saying  that  the 
use  of  non-ECC  (in  this  case 
DDR)  memory  is  worth  “the 
extra  savings  and  increased 
speed.”  This  is  a  dangerous 
statement.  When  it  comes  to 
speed,  there’s  no  practical 
difference  between  the  two, 
and  many  benchmarks  con¬ 
firm  this.  As  for  perceived 
savings,  on  July  1, 1  found  a 
price  of  $49.49  for  256MB  of 
non-ECC  memory,  and 
$71.09  for  ECC.  Memory  er¬ 
rors  that  go  undetected  and 
their  later  troubleshooting 
cost  much  more  than  the 
difference  of  $21.60  per 
256MB.  That’s  why  non- 
ECC  memory  doesn’t  be¬ 
long  in  a  corporate  environ¬ 
ment.  I  will  keep  advising 
companies  I  work  with  not 
to  use  any  machine  that  uses 
non-ECC  memory. 

Zoran  Cvijetic 
San  Pedro,  Calif. 


What's  in  It  for  Others? 

IT’S  nice  to  see  people 
taking  time  to  volunteer, 
and  corporate  America 
should  encourage  it.  Howev¬ 
er,  I  was  disappointed  to  see 
that  for  the  most  part,  your 
article  focused  on  the  ques¬ 
tion  of  “What’s  in  it  for  me?” 
[QuickLink:  30638]  Volun¬ 
teer  work  isn’t  really  about 
finding  a  job  or  improving 
your  resume  or  increasing 
your  financial  worth.  It’s 
about  helping  people  and 
organizations  that  do  good. 
The  rewards  should  be  the 
work  itself  and  the  self- 
satisfaction  that  comes  from 
giving. 

Don  Greb 
Pittsburgh 

C0MPUTERW0RLD  welcomes 
comments  from  its  readers.  Letters 
will  be  edited  for  brevity  and  clarity. 
They  should  be  addressed  to  Jamie 
Eckle,  letters  editor,  Computerworid, 
P0  Box  9171, 500  Old  Connecticut 
Path,  Framingham,  Mass.  01701. 

Fax:  (508)  879-4843.  Internet: 
letters@computenworld.com.  Include 
an  address  and  phone  number  for 
immediate  verification. 

For  more  current  tetters  on  these  and 
other  topics,  go  online  to 

1  0  computerworld.com/letters 


PAUL  DONNELLY  Writes 
about  immigration  and 
citizenship.  Contact 
him  at  pauldonnelly® 
mindspring.com. 


100%  Dell  performance  and  reliability. 
Up  to  50%  less  than  the  competition 

PowerConnect  Switches...100%  no-brainer. 


3024 


D*LL  PowerConnect 


UMt/ACf 


PoweKormert 


Right  now,  get  $100  off  Delis 
NEW  48  Port  PowerConnect  Switches. 


Dell  j  Managed  Switches 

PowerConnect™  3024*  Switch 


Scalable,  High-Performance  Managed  Switches 

•  24  Fast  Ethernet  Ports  Plus  2  Built-In  Gigabit  Uplinks 

•  Up  to  12.8  Gbps  of  Wire-Speed  Switching  Capacity 

•  Stackable  (Supports  up  to  144  FE  Ports  in  a  Stack) 

•  3-Yr  Next  Business  Day  Parts  Replacement™ 

£  as  low  as  $20/mo..  (46  pmts?°)  60  Days 

JmUU  Same-As-Cash  for  qualified  customers 

E-VALUE  Code:  12652-S10706 


PowerConnect™  3048*  Switch 


Rack-Dense,  High-Performance  Managed  Switches 

•  48  Fast  Ethernet  Ports  Plus  4  Built-In  Gigabit  Uplinks 

•  Up  to  21.6  Gbps  of  Wire-Speed  Switching  Capacity 

•  Stackable  (Supports  up  to  144  FE  Ports  in  a  Stack) 

•  3-Yr  Next  Business  Day  Parts  Replacement™ 

•  Sale  Price  Includes  $100  Discount 

A  4i  as  low  as  $34/mo..  (46  ports.11)  60  Days 

dll  Vi  Vfi  Same-As-Cash  for  qualified  customers 

I  E-VALUE  Code:  12652-s10712b 


PowerConnect™  5012*  Switch 

High-Performance  All-Gigabit  Managed  Switches 

•  10  Built-In  Copper  Gigabit  Ports  Plus  2  GBIC  Slots 

•  Up  to  24  Gbps  of  Wire-Speed  Switching  Capacity 

•  Remote  Access  and  Management  Capabilities 

•  3-Yr  Next  Business  Day  Parts  Replacement™ 

ah  as  low  as  $37/mo..  (46  pruts?0)  60  Days 

dl  Same-As-Cash  for  qualified  customers 

E-VALUE  Code:  12652-s10712a 


PowerConnect™  3248*  Switch 


High-Performance  Enterprise  Class  Managed  Switches 

•  48  Fast  Ethernet  Ports  Plus  2  Built-In  Gigabit  Uplinks 

•  Multi-Layer  Traffic  Classification  at  Layers  2, 3,  and  4 

•  Advanced  Management  via  Browser  or  Industry-Standard  CLI 

•  3-Yr  Next  Business  Day  Parts  Replacement™ 

•  Sale  Price  Includes  $100  Discount 

A  e*  g\  as  low  as  $40/mo„  (46  pmts30)  60  Days 
|  4|%J|l*E  Same-As-Cash  for  qualified  customers 

■  E-VALUE  Code:  12652-s10714 


Managed  switches  you  can 
count  on  to  do  more  than  just  save  money.  Just  what  you'd  expect  from  Dell, 
proven  technology  that  cuts  costs.  So  whether  you're  building  your  first  network 
or  expanding  your  existing  one,  Dell  PowerConnect  managed  switches  can 
handle  your  busy  organization  and  help  you  save  money.  Equipped  with 
the  latest  industry-standard  technology,  PowerConnect  switches  are  highly 
interoperable  and  easily  integrate  into  an  existing  network.  They're  scalable  for 
future  growth  and  have  easy-to-use  management  features  to  help  you  improve 
network  up-time  and  security.  PowerConnect  switches  include  Next  Business 
Day52  Parts  Replacement  and,  of  course,  they're  all  backed  with  Dell's  service  and 
support.  Choosing  Dell  PowerConnect  switches  means  you  won't  have  to  sacrifice 
performance  for  price.  And  that's  a  concept  you'll  definitely  want  to  plug  into. 


(p>k 

USE  THE  POWER  OF 
THE  E-VALUE  CODE. 

Match  our  latest  technology 
with  our  latest  prices.  Enter  the 

E-VALUE  code  online  or  give  it 

VALUE 

to  your  sales  rep  over  the 
phone  wwwdell  com/evalue 

Growing  your  network.  Easy  as 


D0LL 


Visit  www.dell.com/switch  or  call  toll  free  1-877-406-3355. 


Cats-  M  F  7o  9pjSat  8a-5p  CT. 

of  oiler  may  changt  .vithout  notice  Taxes  and  shipping  charges  extra,  and  van,'.  LIMIT  5  DISCOUNTED  OR  PROMOTIONAL  ITEMS  PER  CUSTOMER.  In  case  of  customers  leasing  under  these  promotions,  please  note  that  items  leased  will  be  subject  to  applicable 

end  ft  tease  options  or  requirements  Dell  cannot  he  responsible  tor  errors  in  typography  01  photography. 

:  bee,  approved  by  the  Federal  Communications  Commission  toi  use  in  a  residential  environment  This  device  is  nol,  and  may  not  he.  offered  for  sale  or  lease,  or  sold  or  leased  for  use  in  a  residential  environment  until  the  approval  of  the  FCC  has  been  obtained. 

• ,  • *  1  •  ■  ■  1 40-ir.r  !h  CuickLoan  at  12  99%  interest  rate  for  qualified  Small  Business  customers  Your  interest  rate  and  monthly  payment  may  be  same  or  higher,  depending  on  your  creditworthiness.  Minimum  transaction  site  of  $500  tequired  Maximum  aggregate  financed  amounts  not  to  exceed 

;■  1 1* *  •arc.L-; an.  interest  a  .  fans  during  first  60  days  alter  Quickioan  Commencement  Date  'which  is  five  days  after  product  ships)  if  balance  not  paid  within  theso  60  days  OFFER  VARIES  BY  CREDITWORTHINESS  OF  CUSTOMER  AS  DETERMINED  BY  LENDER  Taxes  tees  and 

1  vary  Not  valid  on  past  orders  or  financing.  GutckLoan  arranged  by  CIT  OnLme  Bank  to  Small  Business  customers  with  approved  credit.  Service  or  replacement  unit  (depending  on  service  contract)  may  be  provided  by  third-party  provider  Technician  or  replacement  unit  will  be 

•  :g  based  tioublesliuoting.  To  receive  next  business  day  service.  Dell  must  notify  the  service  provider  before  5pm  (depending  on  service  contract)  customer  time.  Availability  varies.  Dell,  the  stylized  E  logo  E-VALUE  and  PowerConnect  are  trademarks  of  Dell  Computer 

•TM’J'  ■  .02  Dell  Computer  Corporation  All  rights  reserved. 


JAY  ASQUINI 


COMPUTERWORLD  July  22, 2002 


27 


TECHNOLOGY 


THIS  WEEK 


LAYING  FOUNDATIONS 
FOR  WEB  SERVICES 

Building  Web  services  on  a  firm 
foundation  requires  a  service- 
oriented  architecture,  clean  XML 
data  and  well-defined  business 
processes.  PAGE  30 


V, 


PORTAL  TO 
INTEGRATION 


Johnson  Controls’ 
John  Waraniak 
(left)  uses  a  collab¬ 
oration  exchange 
through  the  com¬ 
pany’s  corporate 
portal  to  integrate  applications 
from  outside  suppliers.  PAGE  32 


%  O 


PGP  UNCERTAINTY 

Pretty  Good  Privacy,  which  gained 
cult  status  in  the  early  ’90s  as  the 
first  almost-uncrackable  freeware 
encryption  program,  may  fade 
from  use  because  the  software’s 
vendor  decided  to  pull  the  plug  on 
it  earlier  this  year.  PAGE  33 


FUTURE  WATCH 

Computer  scientists  are  increas¬ 
ingly  looking  to  biology  for  ideas. 
Some  are  inventing  ways  to  com¬ 
pute  using  a  method  that  looks  a 
lot  like  evolution.  PAGE  34 


QUICKSTUDY 

Unified  messaging  is  the  term  for  a 
system  for  accessing  e-mail,  voice 
and  fax  messages  through  a  single 
common  interface.  PAGE  35 


SECURITY  JOURNAL 

A  continuing  staff  shortage  has 
Mathias  Thurman  fine-tuning  the 
intrusion-detection  system  to  re¬ 
duce  false  alarms  —  and  his  work¬ 
load.  PAGE  36 


NICHOLAS  PETRELEY 

Free  Pom  Solution 


NO,  THIS  IS  NOT  AN  OFFER  for  a  complimentary  aphrodisiac 
drink.  But  now  that  I  have  your  attention,  I’d  like  to  recom¬ 
mend  a  cheap  and  easy  way  to  block  unwanted  and  danger¬ 
ous  Internet  content. 

By  now,  almost  everyone  realizes  that  when  you  give  your 
users  access  to  porn  sites,  software  downloads,  and  other  Internet  tempta¬ 


tions,  it  can  cost  you  more  than  lost  productivity.  I 
don’t  know  of  any  solution  that  offers  perfect  protec¬ 
tion,  but  there  are  many  free  software  packages  that 
will  get  you  within  spitting  distance. 

Here’s  the  combination  I  typically  recommend. 
Start  with  Linux,  add  IP  Tables  ( www.iptables.org ) 
firewall  rules  with  the  help  of  the  IP  Tables  configu¬ 
ration  tool  gShield  ( http://muse.linuxmafia.org/ 
gshield.html ).  Then  mix  in  a  Web  proxy  and  cache 
called  Squid  ( www.squid-cache.org )  with  the  filtering 
proxy  DansGuardian.  You  can  block  viruses,  Trojan 
horses  and  other  potentially  dangerous  e-mails  with 
Anomy  ( mailtools.anomy.net ).  Add  SpamAssassin  to 
kill  off  that  last  bit  of  unwanted  content. 

You  can  configure  these  Linux-based  Internet  gate¬ 
ways  as  your  firewalls  or  just  put  them  behind  your 
current  firewalls.  The  Squid  proxy  server  adds  a  level 
of  protection  by  letting  users  browse  the  Web  with¬ 
out  giving  them  direct  access  to  the  Internet,  but 
that’s  not  why  I  recommend  it.  We’re  after  its  perfor¬ 
mance-enhancing  Web  cache. 

The  Squid  cache  is  especially  useful  if  you  have 
multiple  pipes  to  the  Internet,  such  as  a  Tl,  a  T3  and 
a  satellite,  because  multiple  Squid  caching  servers 
can  cooperate  with  one  another.  You  can  set  up  your 
Squid  caches  so  that  if  your  Tl  line  goes  down,  the 
proxy  for  that  line  will  automatically  redirect  re¬ 
quests  to  one  of  the  other  proxies,  such  as  the  one 
connected  to  the  T3.  It  may  seem  redundant  to  daisy 
chain  DansGuardian  into  this  mix,  since 
DansGuardian  is  also  a  proxy.  But  Dans¬ 
Guardian  adds  intelligent  content  filtering 
that  the  Squid  cache  lacks,  and  you  get  this 
feature  at  very  little  performance  cost  in 
added  latency. 

The  pearl  in  DansGuardian  is  that  it  ex¬ 
amines  everything  that  passes  through  the 
proxy,  not  just  URLs.  You  can  define  cus¬ 
tom  search  expressions  that  check  for 
combinations  of  words  within  a  Web  page, 
and  DansGuardian  will  block  any  pages 
with  matching  content.  If  you  choose  your 
search  expressions  carefully,  you  can  mini¬ 


mize  false  positives.  That  way,  your  users  won’t  be 
able  to  reach  porn  sites,  but  they’ll  still  be  able  to 
read  about  cockatiels  or  pussywillows.  You  can  also 
use  DansGuardian  to  block  URLs  based  on  search  ex¬ 
pressions,  filter  sites  by  IP  addresses,  and  stop  down¬ 
loads  of  files  matched  by  Multipurpose  Internet  Mail 
Extension  type  or  file  extension.  If  you’re  really  para¬ 
noid,  just  block  all  compressed  files  and  executables, 
and  that  will  bring  all  downloading  of  unapproved 
content  to  a  screeching  halt.  If  that  presents  a  prob¬ 
lem  for  your  most  trusted  users,  you  can  set  up  Dans¬ 
Guardian  to  let  only  those  users  through. 

The  last  challenge  is  to  prevent  anyone  from  by¬ 
passing  these  safeguards. 

First,  configure  Squid  to  reject  all  client  IP  address¬ 
es  except  its  own  so  only  DansGuardian  will  have 
permission  to  access  the  Squid  cache.  Then  config¬ 
ure  DansGuardian  to  require  password  authentica¬ 
tion,  or  configure  your  Linux  gateway  as  a  transpar¬ 
ent  proxy.  The  latter  technique  makes  individual  user 
authentication  impossible,  but  it  automatically  forces 
all  outgoing  Web  requests  to  pass  through  Dans¬ 
Guardian.  The  added  benefit  is  that  you  don’t  have  to 
configure  anyone’s  browser  to  access  the  proxy. 

Depending  on  how  you  configure  your  firewall, 
you  may  also  have  to  use  IP  Tables  to  prevent  users 
from  accessing  a  proxy  outside  your  firewall.  IP 
Tables  can  be  difficult  to  grasp,  but  this  is  where 
gShield  comes  to  the  rescue.  There’s  nothing  fancy 
about  gShield,  but  once  you  learn  it,  you’ll 
be  able  to  set  up  any  new  Linux  firewall 
in  minutes. 

The  Anomy  e-mail  filter  can  use  exter¬ 
nal  virus  checkers  to  disinfect  incoming 
attachments.  But  if  all  you  need  to  do  is 
make  your  mail  safe  for  clients  like  Micro¬ 
soft  Outlook,  Anomy  sanitizes  even  the 
subtle  e-mail  exploits.  Finally,  SpamAssas¬ 
sin  catches  a  phenomenal  99%  of  spam  for 
my  domains.  I  personally  use  it  with  the 
commercial  mail  server  CommuniGate 
Pro  ( www.stalker.com ),  but  it  works  with 
just  about  any  e-mail  server.  9 


computer  consultant  and  ' 
author  in  Hayward,  Calif. 
He  can  be  reached  at 

nicholas@petreley.com. 


THE  STRAIGHT  GOODS  ON  SOFTWARE  INTEGRATION 


The  USA  PATRIOT  Act  now 
presents  everyone  with 
an  enormous  information 
integration  challenge.  The 
experts  agree  that  manual 
review  processes  for  your 
customers  and  their  financial 
transactions  will  no  longer 
suffice.  Non-compliance  is 
not  an  option.  The  only  question 
facing  you  is:  who  should  you  engage  as 
your  partner  in  implementing  a  solution? 

THE  SYBASE  APPROACH 

Our  approach  leverages  the  knowledge  and 
capabilities  we've  developed  over  nearly  20 
years  of  managing  information,  application 
and  process  integration. 

The  Sybase  PATRIOTcompliance  Solution 
helps  you  satisfy  the  integration  requirements 
of  the  USA  PATRIOT  Act  by  implementing  a 
totally  automated  process  for  filtering  your 
customers,  employees  and  suppliers  against 
known  suspects,  and  for  continuously 
monitoring  their  activities.  Our  solution 
is  operationally  unobtrusive,  secure  and 
cost-effective. 

THE  FIRST  STEP 

Our  first  step  is  a  Business  Requirements 
Assessment  that  helps  determine  your 
organization's  unique  needs. 

We  work  with  you  to  understand  your  front 
and  back  office  infrastructure.  We  embrace 
the  technologies  and  product  standardization 
of  your  environment.  We  extend  the  Anti- 


The  Software 
Integration  Company 


We  can  help  you  integrate  all  the 
disparate  data  and  business  applications 
running  in  your  enterprise  and  extend 
them  to  any  location  in  the  world: 
platforms,  application  servers, 
components,  databases,  applications, 
processes,  integration  brokers,  even 
mobile/wireless  solutions.  By  choosing 
Sybase,  you  can  preserve  and  extend 
your  existing  infrastructure  investments, 
avoid  proprietary  traps,  and  improve 
efficiency  across  the  enterprise. 


Money  Laundering  and  Bank  Secrecy  Act 
investments  you've  already  made.  We 
make  our  solution  work  for  your  people. 


and  an  array  of  adapters  (F.I.X.,  SWIFT,  Flat 
Files,  database,  CICS,  and  others)  for  accessing 
and  presenting  demographic  and  transaction 
information  from  your  core  systems. 


Having  tuned  our  PATRIOTcompliance 
Solution  to  your  environment,  we  implement, 
rigorously  test  (to  the  very  exacting  standards 
we  developed  to  earn  ISO  9001  /TickIT 
Certification)  and  deploy  the  solution. 


BPI  Suite  is  a  comprehensive  set  of  tools  to 
enable  you  to  rapidly  build,  manage,  monitor 
and  improve  complex  business  processes.  It 
also  speeds  the  development  of  Web  services, 


Switches 


Teller 

Platform 


Currency 


Clearings 


SYBASE  PATRIOTcompliance  SOLUTION 


EDI,  FIX, 
etc.  . 


SSIISI^  wm  Jm& 


Business  Process 
Management/ 
Activity  Monitoring/ 
Integration  Tools 


Enterprise  Portal/ 
Application  Server 


Fraud 

Detection 

System 


SYBASE  SOLUTION  COMPONENTS 


DEPOSIT  ACCOUNTS 


LENDING  AND  CREDIT 


■  ■ 

CORE  APPLICATIONS/SERVICES  ft  ASSOCIATED  INFORM/' 


REPOSITORIES* 


*  including  correspondent,  clearing  and  settlement 
**  including  specific  account  holder  information 

This  is  a  typical  architecture  for  a  depository  financial  institution.  It  can  be  easily  modified  to  fit  your  environment. 


Simultaneously,  we  are  training  your  key 
users  and  administrators.  So  when  our  work 
is  done,  yours  can  go  on. 

IN  THE  END  IT  LOOKS  LIKE  THIS 

Every  solution  will  obviously  be  unique. 

But  typically,  you’ll  find  a  secure  front-end 
employing  the  Sybase  Enterprise  Portal,  with 
pre-built  capabilities  for  list,  filter  and  rules 
management,  searches  across  applications 
and  data  stores,  internal  and  external 
communications,  management  of  the 
investigation  process,  maintenance  of 
search  and  investigation  histories  and, 
of  course,  reporting  and  presentations. 

Tying  everything  together  is  the  Sybase 
Business  Process  Integrator  (BPI)  Suite 


so  you  can  quickly  connect  applications  to 
other  agencies  or  other  financial  institutions. 

Get  a  complete  solution  that  doesn't  require 
you  to  start  from  scratch.  We  have  the 
tools  and  skills  to  have  you  in  compliance 
before  October.  And  who  could  have  an 
issue  with  that? 

We  can  help  you  get  started  right  away  at 
www.sybase.com/integrationsolutions. 


i  Sybase 

Information  Anywhere' 


The  USA  PATRIOT  Act  contains  strong  measures  to  prevent,  detect  and  prosecute  terrorism  and  international  money  laundering,  greatly  expanding  the  breadth 
and  depth  of  the  old  laws.  Broadly  stated,  the  act  requires  that  financial  institutions  know  their  customers  and,  to  the  greatest  extent  possible,  their  customers' 
customers.  Compliance  for  bankers  and  securities  dealers  is  required  by  October  2002.  Non-compliance  could  involve  costly  civil  and  criminal  penalties. 


©2002  Sybase,  Inc.  All  rights  reserved  All  trademarks  are  the  property  of  their  respective  owners 

.  ■■  1,11  "  ","1  \ 

BETTER  WHEN  EVERYTHING  WORKS  TOGETHER.  ) 


i 


i 


4 


TECHNOLOGY 


COMPUTERWORLD  July  22, 2002 


Service-oriented  architectures 
hold  out  the  promise  of  reinvent¬ 
ing  IT  as  we  know  it,  according  to 
proponents  of  Web  services. 

With  Web  services  standards 
such  as  Simple  Object  Access  Pro¬ 
tocol  (SOAP)  for  messaging  and 
Web  Services  Description  Langu¬ 
age  (WSDL)  to  identify  the  content 
of  a  SOAP  message,  users  are  dreaming  up  ways  to  un¬ 
lock  information  formerly  trapped  in  legacy  systems 
and  share  it  across  their  entire  IT  infrastructures. 

Presentation,  data  and  applications  will  be  separat¬ 
ed  into  easy-to-distribute,  easy-to-recombine  objects, 
allowing  companies  to  break  free  of  many  of  the  ap¬ 
plication  development  restraints  they  struggled  with 
in  the  past. 

Yet  the  service-oriented  model  comes  with  a 
daunting  challenge.  Namely,  if  Web  services  are 
going  to  change  how  information  is  passed  and 
processed  in  back-end  systems,  then  back-end  sys¬ 
tems  will  have  to  change  as  well. 

Companies  such  as  New  York-based  insurance  firm 
American  International  Group  Inc.  (AIG)  and  British 
agricultural  giant  Associated  British  Nutrition  &  Agri¬ 
products  (ABNA)  have  undertaken  projects  they  be¬ 
lieve  will  make  them  Web  services-ready  in  the  future. 

Needed:  Real-time  Data 

At  AIG,  Bob  Garzotto,  chief  technology  officer  for 
the  company’s  financial  services  division,  has  been 
overseeing  the  creation  of  a  next-generation  data 
warehouse  that  uses  SOAP  as  a  transport  envelope. 
Garzotto  says  the  real-time  nature  of  the  applications 
that  will  take  advantage  of  Web  services  requires  that 
they  have  accurate,  real-time  data. 

AIG  tapped  Ascential  Software  Corp.  in  Westboro, 
Mass.,  to  create  an  enterprise  data  collection  model 
that  transforms  all  data  into  easily  digestible  chunks 
of  XML  and  connects  multiple  targets  and  sources 
rather  than  working  in  a  point-to-point  fashion. 

Using  IBM’s  MQSeries  messaging  middleware, 
data  from  AIG’s  source  systems  will  feed  into  Ascen- 
tial’s  extract,  transform  and  load  (ETL)  engine.  The 
files  will  then  be  validated,  cleansed  and  compared  to 
previously  cached  files  for  consistency.  The  ETL  en¬ 
gine  will  then  generate  a  flat  XML  version  of  the  data. 

Afterward,  the  data  will  be  converted  to  conform 
to  the  International  Standards  Organization’s  ISO 
15022  XML  standard  so  AIG  can  exchange  it  with 
other  financial  services  companies. 

“Initially,  it’s  going  to  take  some  time  to  build  out 
the  instrument  coverage  and  the  messaging  struc¬ 
ture,  but  the  data  will  be  in  a  form  that  any  of  our 
users  can  work  with,”  Garzotto  says.  “It  will  allow  us 
eventually  to  imbed  this  information  into  a  Web  ser¬ 
vices  application.” 

The  project  started  in  April,  with  the  first  pilot  de¬ 
ployment  scheduled  for  September.  Garzotto  esti¬ 
mates  that  it  will  take  two  to  three  years  to  imple¬ 
ment  the  system  inside  all  of  AIG’s  business  units. 

Just  as  AIG  plans  to  enable  its  Web  services  devel¬ 
opment  with  a  uniform  data  model,  ABNA  intends  to 
do  the  same  with  a  uniform  messaging  model. 

In  April,  ABNA  rolled  out  a  uniform  messaging 
system  from  Sonic  Software  Corp.  in  Bedford,  Mass. 
Mysia  Benford,  IT  director  at  ABNA,  says  the  system 


will  allow  the  company  to  get  away  from  Electronic 
Data  Interchange  messaging  with  its  trading  part¬ 
ners.  With  the  new  system,  XML  messages  received 
from  an  outside  source  will  be  disseminated  within 
ABNA.  The  company  had  been  using  a  Microsoft 
BizTalk-based  trading  hub. 

“We  wanted  to  untie  our  messaging  from  any  par¬ 
ticular  application  vendor,”  says  Benford.  “If  you’re 
working  application-to-application,  it  requires  the 
applications  to  handle  assurance  and  security.  It 
shouldn’t  be  there;  it  should  be  in  the  messaging  lay¬ 
er.”  Now  the  SonicXQ_enterprise  service  bus  will  han¬ 
dle  the  message  delivery  and  secure  transport,  leaving 
the  applications  to  perform  their  primary  functions. 

Gartner  Inc.  analyst  Daryl  Plummer  says  that  in  a 
service-oriented  architecture,  applications  need  to  be 
separated  from  presentation  and  delivery.  “It’s  about 
allowing  a  developer  to  get  things  done  without  hav¬ 
ing  to  get  into  the  complexity  of  it  all,”  he  says. 

The  ultimate  goal  of  Web  services  is  to  crumble 
the  IT  silos  in  a  given  company,  and  some  companies 
are  moving  steadily  toward  that  goal. 


Erik  Sargent,  a  Web  applications  architect  at  Prov¬ 
idence  Health  System,  a  $3.2  billion  hospital  consor¬ 
tium  in  Seattle,  has  been  busily  constructing  a  ser¬ 
vice-oriented  architecture  this  year.  Using  a  Web 
services  management  tool  from  Redwood  City,  Calif.- 
based  Infravio  Inc.,  Sargent’s  development  teams 
have  been  able  to  link  a  user  profile  management 
application  written  using  Java  servlets  with  a  Web 
page  and  credit  card  service  written  using  Microsoft 
Corp.’s  .Net  framework. 

“Basically,  you  replace  database  calls  with  Web 
services  calls,”  he  says. 

Providence  is  currently  using  the  tool  for  its  events 
registration.  If  an  event  requires  credit  card  payment, 
the  Infravio  tool  grabs  that  payment  information, 
wraps  it  in  WSDL  and  sends  it  in  a  SOAP  envelope  to 
the  credit  card  service  and  profile  manager  database. 
Since  each  action  exists  as  a  distributable  chunk 
of  data,  that  information  will  also  be  sent  to  Provi¬ 
dence’s  accounting  division. 

“The  key  is  to  get  something  in  the  middle  to  or¬ 
chestrate  everything,”  Sargent  says.  “The  problem 


A  service-oriented  architecture,  clean 
XML  data  and  better-defined  business 
processes  are  basic  requirements 
or  bringing  Web  services  behind 
corporate  firewalls.  By  Michael  Meehan 


COMPUTERWORLD  July  22,  2002 


TECHNOLOGY 


we  were  having  was  that  Microsoft  really  didn’t  do 
anything  about  the  Java,  and  the  Java  vendors  didn’t 
really  do  anything  about  the  Microsoft  platform.” 

According  to  Sargent,  SOAP/WSDL  objects  enable 
the  Microsoft  and  Java  applications  to  share  informa¬ 
tion.  Without  asking  developers  to  change  a  line  of 
code,  the  breadth  of  those  applications  has  been  dra¬ 
matically  increased. 

But  Providence  is  far  from  done.  Sargent  says  the 
ability  to  swap  data  between  disparate  back-end  sys¬ 
tems  will  play  a  significant  role  in  the  hospital  con¬ 
sortium’s  efforts  to  comply  with  Health  Insurance 
Portability  and  Accountability  Act  regulations. 

“We’ll  need  to  be  able  to  show  who  looked  at  a 
record,  when  and  why,”  Sargent  says.  “Using  a  Web 
services  model,  we’ll  be  able  to  keep  those  records 
constantly  updated.”  To  do  that,  Providence  will 
need  to  unlock  a  legacy  Cobol-based  administration 
system  called  Mumps  that  runs  on  Unix. 

“It  doesn’t  talk  to  anything,”  Sargent  says. 

He  says  Web  services  will  be  used  as  a  distribution 
method  for  information  headed  in  and  out  of  the 
Mumps  system. 

Common  Object  Request  Broker  Architecture 
(CORBA)  objects  will  be  used  to  pull  data  out  of 
Mumps.  The  CORBA  objects  will  then  be  fed  into  a 
Java  application  that  will  provide  business  rules 
around  that  data.  At  that  point,  the  Infravio  manager 
will  transform  the  objects  into  SOAP  objects  for  wide¬ 
spread  distribution. 

Barriers  Come  Down 

Toby  Redshaw,  CTO  at  wireless  device  and  chip 
manufacturer  Motorola  Inc.  in  Schaumburg,  Ill.,  says 
his  company  is  also  forging  ahead  with  a  service- 
oriented  architecture  model.  “It  gives  us  a  chance  to 
dig  into  the  guts  of  manufacturing  processes,”  he  says. 
“Barriers  we’ve  had  forever  are  going  to  come  down.” 

Motorola  has  turned  to  its  enterprise  application 
integration  vendor,  webMethods  Inc.  in  Fairfax,  Va., 
to  help  wrap  manufacturing  information  in  SOAP 
objects  that  can  then  be  distributed  to  other  divi- 


Routing  Legacy  Data  to  Web  Services  at  Providence 

Providence  Health  System  has  a  legacy  Cobol  system  that  contains  the  primary  administrative  and  medical  records  for  its  member 
hospitals.  Due  to  pending  federal  regulations,  much  of  that  information  needs  to  be  exposed  in  real  time. 

Here’s  how  Providence  intends  to  tackle  the  problem: 


CORBA  objects 


Legacy 

system 


Designed  to  pull  dat 
from  system  J 


Java  business  rules 

Govern  the  use  of 
Ik.  that  data  Jm 


Infravio’s  Web  Services 
Management  System 

Wraps  data  in  SOAP  and  WSDL 
and  coordinates  deployment  and  runtime 
with  other  systems 

i wmsmmmm  w  *.  % 


sions  using  webMethods’  integration  broker. 

Redshaw  stressed  the  need  to  create  a  model  for 
what  the  enterprise  architecture  will  look  like  before 
Web  services  development  begins.  He  also  says  that 
as  Web  services  make  data  and  applications  easier  to 
distribute,  companies  will  need  to  beef  up  their  mon¬ 
itoring  capabilities. 

“You  have  to  have  application  and  hardware  visi¬ 
bility  across  your  entire  network,”  Redshaw  says. 

That  kind  of  accessibility  is  particularly  critical  for 
systems  at  the  heart  of  the  enterprise.  The  Denver- 
based  trust  services  division  of  Fiserv  Inc.  relies  on 
two  Unix  servers  for  much  of  the  financial  tracking 
and  tax  reporting  it  performs  as  a  back-office  opera¬ 
tions  provider  to  financial  institutions. 

Both  Unix  servers  run  trust  accounting  software 
from  SunGard  Data  Systems  Inc.  in  Wayne,  Pa.  Greg 
Bakke,  Fiserv’s  director  of  systems  development,  says 
unlocking  the  servers  was  crucial  to  creating  a  ser¬ 
vice-oriented  architecture. 

Bakke  found  his  key  in  the  form  of  screen-scraping. 
Using  tools  from  SilverStream  Software  Inc.  in  Biller¬ 
ica,  Mass.,  Bakke’s  staff  has  been  able  to  pull  informa¬ 
tion  from  the  fields  on  the  green-screen  terminals 
that  interface  with  the  SunGard  system.  It’s  then 
transformed  into  XML  data  objects  that  are  fed  to  the 
SilverStream  Java  application  server  Fiserv  uses. 

“You  have  to  script  that  entire  function  and  create 
the  workflow,  but  it’s  a  way  to  get  components  that  I 
can  then  wrap  in  Web  services,”  Bakke  says. 

He  chose  screen-scraping  for  the  job  because  there 
didn’t  seem  to  be  an  easy  programmatic  way  to  un¬ 
lock  the  system. 

“We’re  very  much  defining  the  infrastructure  we 
need  for  a  service-oriented  architecture,”  Bakke  says. 
“Every  new  product  we  buy  now,  we  look  to  see  if 
there’s  a  way  of  exposing  things  as  Web  services  so 
that  we  can  reuse  them.” 

Plummer  agrees  that  users  will  need  to  think 
through  how  their  systems  will  consume  and  process 
Web  services  to  make  the  technology  work  to  its 
maximum  benefit.  Although  some  people  loosely 


define  Web  services  as  any  business  service  using 
Internet  transport  or  XML  data,  Plummer  recom¬ 
mends  that  users  demand  more. 

“If  anybody  has  a  Web  services  tool  and  it  does  not 
use  SOAP,  WSDL  or  UDDI,  kick  them  to  the  curb,” 
he  says.  “That’s  not  a  true  Web  services  tool.”  I 

SECURING  WEB  SERVICES 

Read  why  performance  and  security  continue  to  top  the  list  of  user 
concerns  about  Web  services.  QuickLink:  31369 

View  a  checklist  of  items  to  consider  when  preparing  to  secure  Web  services. 

QuickLink:  31366 
www.computerworld.com 


Building  the  Basics 


h  Concentrate  on  application  integration  rather 
than  collaborative  efforts  with  trading  partners. 

A  company  that  has  streamlined  its  own  processes  will 
likely  find  it  easier  to  collaborate  with  others  in  the  future. 

■  Approach  Web  services  security  in  a  systematic 

fashion.  Pay  particular  attention  to  identity  management. 

■  Choose  a  companywide  XML  data  standard  and 
stick  with  it.  Quality  data  will  be  a  key  in  building  a 
service-oriented  architecture. 

■  Don’t  assume  you  have  the  bandwidth  to 
support  a  service-oriented  architecture.  Monitor 
your  network  and  systems  to  make  sure  Web  services 
don’t  create  new  bottlenecks  or  prohibitively  slow  the 
speed  at  which  you  do  business. 

■  Tactical  projects  need  to  fit  into  a  bigger 
picture.  Avoid  building  new  stovepipes. 

■  Vendor  responsibilities  likely  will  change  with 
the  advent  of  Web  services.  Make  sure  you 
understand  those  changes  and  build  them  into  the 
performance  clauses  of  your  contracts. 

■  Avoid  complicated  workflow  routines  reliant 
upon  Web  services,  because  the  tools  to  properly 
orchestrate  those  routines  haven’t  yet  been  built. 


32 


COMPUTERWORLD  July  22, 2002 


TECHNOLOGY 


“COLLABORATION  CONNECTS  blue  sky  with  solid  ground,”  according  to  John  Waraniak, 
executive  director  of  e-speed  at  Johnson  Controls  Inc.  in  Milwaukee. 

PORTAL  MASKS 
INTEGRATION 

PLEXITY 

Johnson  Controls  has  cut  product  costs 
hy  $20  million  with  a  collaboration  portal 
'  that  integrates  supplier  applications. 

By  Mark  Hall 


ollaborate  or  die.  That’s  the 
unspoken  motto  at  Johnson 
Controls  Inc. 

It  permeates  nearly  every¬ 
thing  from  product  de¬ 
sign  to  delivery  within 
the  company’s  automotive  sup¬ 
ply  division.  So  it  comes  as  no 
surprise  that  Johnson  Controls 
(JCI)  is  well  along  in  an  application  in¬ 
tegration  project  that  has  turned  col¬ 
laboration  into  something  far  more 
than  a  motto. 


“Collaboration  connects  blue  sky 
with  solid  ground,”  says  John  Waraniak, 
executive  director  of  e-speed  at  the 
Milwaukee  manufacturer.  The  automo¬ 
tive  division  where  he  works  de¬ 
livered  $13.6  billion  of  JCI’s  $18.4 
billion  in  revenue  last  year  and 
is  a  Tier  1  supplier  of  car  and 
truck  cockpits,  which  include 
the  dashboard,  seats  and  other  interior 
parts.  JCI  builds  almost  half  of  the 
cockpits  used  in  the  approximately  50 
million  vehicles  manufactured  by  the 


world’s  major  automakers  each  year. 

Waraniak  says  product  ideas  must  be 
analyzed  in  the  early  design  stages  by 
those  most  affected  to  avoid  costly  mis¬ 
takes.  Fixing  a  problem  during  engi¬ 
neering  design,  for  example,  costs  one- 
tenth  of  what  it  would  cost  once  a  prod¬ 
uct  reaches  the  prototype  stage.  If  the 
product  reaches  the  field,  the  cost  can 
easily  top  1,000  times  what  it  would 
have  taken  to  correct  the  problem  on 
the  assembly  line.  Waraniak  says  the 
collaboration  work  at  JCI  has  saved  the 
company  a  whopping  80%  on  research 
and  development  investments. 

How  the  Technology  Works 

“Sixty  percent  of  our  work  is  engi¬ 
neer-to-order.  We  conceive  and  then  we 
build,”  he  says.  “That  means  we  depend 
on  tribal  knowledge  for  insight  into  the 
product  and  the  process  for  making  it.” 

Throw  in  a  multitiered  supply  chain 
with  countless  suppliers,  and  that  trib¬ 
al  knowledge  wouldn’t  be  possible 
without  automation,  including  the  in¬ 
tegration  of  key  applications  as  part  of 
the  collaboration  process,  Waraniak 
says.  That’s  why  the  company  was  an 
early  proponent  of  the  automotive  in¬ 
dustry’s  Covisint  business-to-business 
online  exchange.  It’s  also  why  JCI  be¬ 
gan  work  on  its  own  “business  place” 
in  January  last  year  using  technology 
from  MatrixOne  Inc.  in  Westford, 

Mass.  This  private  exchange  acts  as  a 
portal  that  masks  integration  hassles 
by  preselecting  applications  that  work 
with  those  in  use  on  the  exchange. 

Outside  suppliers  that  access  JCI’s 
exchange  run  a  version  of  MatrixOne’s 
software  on  their  sites.  The  software 
has  extensions  to  the  tools  that  a  sup¬ 
plier  might  use.  For  example,  a  suppli¬ 
er  can  use  computer-aided  design  and 
manufacturing  data  on  the  JCI  ex¬ 
change  in  the  application  it  knows 
best,  such  as  San  Rafael,  Calif.-based 
AutoDesk  Inc.’s  AutoCAD  software 
with  Catera  5,  while  still  benefiting 
from  collaboration  with  engineers  that 
use  different  software.  MatrixOne’s 
software,  which  runs  on  each  collabo¬ 
rator’s  location,  takes  care  of  the  differ¬ 
ences  between  users’  applications. 

Beyond  engineering  design,  JCI  is 
using  MatrixOne  for  its  manufacturing 
supply  chain,  where  users  inside  and 
outside  of  JCI  don’t  have  to  concern 
themselves  with  the  source  of,  say, 
enterprise  resource  planning  (ERP) 
information  sent  from  a  J.D.  Edwards 
application  to  an  SAP  program.  For  ex¬ 
ample,  JCI  builds  the  cockpit  for  the 
Jeep  Liberty  using  35  suppliers,  all  of 
which  can  work  with  data  from  one  an¬ 
other’s  various  inventory  applications 


JOHNSON 
CONTROLS  INC. 

Business:  Supplies  seating, 
interiors  and  batteries  for  cars 
and  trucks  as  well  as  systems 
and  services  to  control  heating, 
ventilating,  air  conditioning, 
lighting,  security  and  fire 
management  in  buildings 

2001  sales:  $18.4  billion 

Subsidiaries:  More  than  80 
worldwide 

www.johnsoncontrols.com 

SOURCES:  JOHNSON  CONTROLS  INC., 
HOOVERS.COM 


to  gauge  when  they  will  need  to  supply 
parts  to  JCI’s  manufacturing  floor.  “We 
want  to  provide  visibility  all  through 
our  supply  chain,”  Waraniak  says. 

Few  companies  achieve  the  kind  of 
visibility  JCI  does,  says  Kevin  Prouty, 
an  analyst  at  AMR  Research  Inc.  in 
Boston.  And  it’s  paying  dividends.  “It’s 
one  of  the  few  larger  automotive  sup¬ 
pliers  [that  has]  grown  margins  during 
these  down  times,”  he  says. 

However,  Prouty  says  he  doesn’t  be¬ 
lieve  MatrixOne  will  solve  all  of  JCI’s 
future  integration  problems.  “Just 
when  you  think  that  you’ve  built  the 
last  adapter  you’ll  ever  need,  you  ac¬ 
quire  a  new  company  with  a  different 
legacy  ERP  system,”  he  says. 

What  It  Delivers 

For  Waraniak,  the  progress  is  tangi¬ 
ble.  Collaboration  on  2003  and  2004 
model-year  automobiles  has  yielded 
gains  in  efficiency.  He  says  engineers 
have  used  collaborative  online  design 
to  reduce  costs  by  $20  million  in  JCI’s 
“core  products  portfolio,”  primarily  by 
reducing  the  number  of  discrete  parts 
in  each  cockpit  component. 

Collaboration  cuts  time  out  of  com¬ 
ponent  design,  Waraniak  says.  What 
once  took  days  as  overnight  express 
packages  went  back  and  forth  takes  “a 
few  hours  on  the  Web,”  he  says,  which 
is  critical  when  there  are  as  many  as 
5,000  distinct  parts  in  a  vehicle. 

Engineers  also  save  time  using  the 
exchange  by  sharing  drawings,  revising 
calculations  and  exchanging  critical 
feedback  on  ongoing  work.  “Typically, 
engineers  spend  half  their  time  engi¬ 
neering  and  the  rest  of  the  time  they 
are  looking  for  information,”  Waraniak 
says.  “With  the  exchange,  it’s  all 
brought  together  for  them.”  I 


YES!  Please  enter  my  subscription  to  Computerworld  -  I’ll  pay  just  $68.00* 
for  51  weekly  issues.  That’s  a  savings  of  over  73%  off  the  single  copy  price. 


FIRST  NAME  Ml  LAST  NAME 


TITLE 


COMPANY 


E-MAIL  ADDRESS 


ADDRESS 


CITY  STATE  ZIP 

*U.S.  Only.  Canada  $110,  Mexico,  Central/South  America  $250,  Europe  $295,  all  other  countries  $295.  Foreign  orders  must 
be  prepaid  in  U.S.  dollars.  Address  Shown:  □  Home  □  Business  □  New  □  Renew  Single  copy  price:  $5.00/issue 

COMPUTERWORLD 

THE  NEWSPAPER  FOR  IT  LEADERS 


COMPUTERWORLD 

PO  BOX  512 
MT  MORRIS  IL  61054-7572 


COMPUTERWORLD  July  22, 2002 


TECHNOLOGY 


pgp<yj 

SHAKY 

GROUND 


The  standard  for  Web  encryption  programs 
is  being  abandoned  by  its  vendor,  leaving 
plenty  of  questions  and  problems  for  users. 

BY  DEBORAH  RADCLIFF 


AD  THINGS  DO  HAPPEN  TO  GOOD 
code.  So  learned  Phil  Zimmermann, 
author  of  Pretty  Good  Privacy  (PGP), 
which  in  the  early  1990s  became  the 
de  facto  standard  for  cryptology  de¬ 
velopment  on  the  Internet,  accord¬ 
ing  to  analysts  and  user  groups. 

While  working  with  human  rights  advocates  in 
1991,  Zimmermann  released  his  powerful  en¬ 
cryption,  signing  and  authentication  free¬ 
ware,  which  did  away  with  the  need  for 
third-party  key  authorities  to  issue  and  man¬ 
age  the  keys  that  lock  and  unlock  data. 

In  fact,  the  mathematical  encryption  algorithm 
was  so  good  that  Zimmermann  nearly  went  to  jail 
after  one  of  his  associates  posted  the  algorithm’s 
source  code  on  the  Web  and  it  caught  the  attention 
of  the  U.S.  Customs  Service.  The  federal  government 
wasn’t  happy  that  such  a  powerful  secrecy  tool  had 
become  available  to  anyone  who  wanted  it  and  had 
the  technical  skills  to  use  the  complex  program.  It 
took  a  three-year  legal  battle  before  Zimmermann 


PRIVACY 


was  eventually  cleared  of  violating  the  International 
Traffic  in  Arms  Regulations  for  exporting  munitions. 

Two  years  ago,  after  an  unsuccessful  attempt  to 
make  money  on  PGP  on  his  own,  Zimmermann  sold 
PGP  to  Network  Associates  Inc.  (NAI)  in  Santa 
Clara,  Calif.  NAI  tried  to  integrate  and  market  PGP 
as  part  of  an  all-in-one  firewall,  virtual  private  net¬ 
work  and  peer-to-peer  encryption  appliance  but  was 
unable  to  sell  the  product,  says  Ryan  McGee, 
group  product  manager  at  McAfee  Security,  a 
division  of  NAI.  Nor  could  the  company  find 
another  vendor  to  buy  PGP.  So  in  February,  it 
pulled  support  for  the  product. 

“As  Network  Associates  drops  PGP,  it  drops  the 
ease  of  use  and  high  level  of  integration  PGP  achieved 
in  the  desktop  computing  environment,”  says  Julian 
Koh,  a  network  engineer  at  Northwestern  University 
in  Evanston,  Ill.,  who  uses  PGP  for  file  and  mail  en¬ 
cryption  inside  Northwestern’s  network.  “They’ve 
also  dropped  support  for  that  product.  So  if  some¬ 
one’s  using  the  latest  version  of  PGP  on  XP  and  they 
install  a  Microsoft  service  pack  for  XP,  it  could  break 


WHAT  IS  PGP? 


PGP  is  based  on  the  public-key  encryption  method,  which  uses 
two  keys:  One  is  a  public  key  that  the  user  disseminates  to  anyone 
from  whom  he  wants  to  receive  a  message;  the  other  is  a  private 
key  used  to  decrypt  received  messages.  It's  almost  impossible  to 
deduce  the  private  key,  even  if  you  know  the  public  key.  But  a  diffi¬ 
culty  with  public-key  systems  is  that  you  need  to  know  the  recipi¬ 


ent’s  public  key  to  encrypt  a  message  for  him. 

Public-key  cryptography  is  also  called  asymmetric  encryption 
because  it  uses  two  keys  instead  of  one  (symmetric  encryption). 

Encrypting  a  message  using  PGP  requires  the  PGP  encryption 
package,  which  is  available  for  free.  The  official  repository  is  at  MIT. 

-  Deborah  Radcliff 


their  PGR  And  there’s  not  going  to  be  any  update 
from  Network  Associates  to  patch  PGP.” 

Because  of  PGP’s  history  as  free  software,  the 
number  of  companies  that  have  installed  it  is  un¬ 
known.  But  large  organizations  such  as  Lockheed 
Martin  Corp.  use  PGP  on  a  limited  basis  for  critical 
communications  and  file  encryption,  according  to  a 
spokesperson  at  the  Bethesda,  Md.-based  company. 
And  PGP  is  also  being  used  in  a  lot  of  Web  site 
scripting,  says  Adam  Back,  a  security  consultant  in 
Montreal  who  has  used  PGP  for  eight  years. 

German  businesses  are  big  users  of  PGP,  according 
to  Werner  Koch,  lead  developer  of  GNU  Privacy 
Guard  (GNUPG)  in  Dusseldorf,  Germany.  Many  of 
those  PGP  installations  in  Germany 
are  being  replaced  with  GNUPG,  for 
which  Koch’s  small  business  will 
make  its  money  from  support  fees. 

The  code  and  concept  of  GNUPG  is 
closely  related  to  that  of  PGP. 

“In  the  past  year,  a  lot  of  compa¬ 
nies  have  installed  PGP  for  their 
e-mail  encryption  because  of  de¬ 
mands  from  their  suppliers  to  en¬ 
crypt  business-to-business  commu¬ 
nications,”  Koch  says.  “Now  those  companies  have 
real  problems,  because  there  are  no  more  patches 
and  updates  for  the  product.  So  some  of  these  com¬ 
panies  are  removing  their  PGP  software  and  asking 
if  we  can  support  GNUPG  for  them.” 

GNUPG  is  the  first  and  strongest  new  form  of  PGP 
to  step  into  the  void  left  by  NAI.  GNUPG  is  working 
on  a  less  complex  interface,  and  installing  its  program 
is  no  more  difficult  than  downloading  any  software, 
says  Gary  Kessler,  a  cryptography  instructor  at  the 
SANS  Institute  in  Bethesda,  Md.,  and  assistant  pro¬ 
fessor  of  computer  networking  at  Champlain  College 
in  Burlington,  Vt.,  which  houses  a  PGP  key  server. 

PGP  proponents  also  say  that  more  variants  will 
emerge  from  the  open  PGP  standard.  PGP  remains 
attractive  because  prominent  alternatives  such  as 
Secure  Multipurpose  Mail  Extensions  require  third- 
party  authorities  to  issue  encryption  keys,  they  say. 

More  PGP  development  “would  make  a  profit 
motive  for  a  company  to  step  in  and  offer  commer¬ 
cial  support  contracts  for  PGP,”  Kessler  says.  “For 
example,  Eudora,  which  already  has  plug-ins  for  PGP, 
and  HushMail,  which  supports  PGP  in  its  latest  ver¬ 
sion,  could  start  to  offer  support.” 

Kessler  uses  PGP  by  pushing  a  button  on  his  Eudo¬ 
ra  e-mail  program.  But  he  can’t  send  PGP-encrypted 
e-mail  to  many  of  his  associates,  because  they  don’t 
have  plug-ins  for  their  e-mail  programs.  More  PGP 
plug-ins  to  popular  e-mail  applications  and  services 
would  introduce  millions  of  users  to  PGP,  which 
would  also  promote  commercial  support,  Kessler  says. 

Will  new  open-source  developments  move  fast 
enough  to  encourage  commercial  support  for  end 
users  of  PGP?  “I’m  sworn  to  secrecy,  but  I  person¬ 
ally  know  people  working  on  this  problem,  and  I’m 
sure  the  void  will  be  filled  in  six  months,”  says  Jon 
Callas,  senior  systems 
architect  at  a  technol¬ 
ogy  company  in  the 
San  Francisco  Bay 
area  and  a  former 
PGP  developer.  > 


PRETTY  GOOD  RUN 

For  more  on  the  history  of  P6P  and 
some  useful  links,  see  our  Web  site: 

OQuickLink:  31394 

www.computerworld.com 


34 


TECHNOLOGY 


COMPUTERWORLD  July  22, 2002 


Only  the 

Strong 

Survive 


MELANIE 

MITCHELL 

Position: 

Research 
computer 
scientist 


&  Employer: 

*  Santa  Fe 
Institute,  a  New  Mexico 
think  tank  specializing 
in  emerging  science 

Research  interests: 

Intelligent  systems  and 
machine  learning,  com¬ 
plex  systems,  evolution¬ 
ary  computation  and 
artificial  life 


evolutionary  methods  to  do  real-world 
applications.  Examples  are  factory  job 
scheduling,  supply  chain  optimization 
and  automatic  design  of  things  like 
circuits. 

What’s  driving  this?  People  have 
learned  how  to  exploit  these  methods 
better,  and  more  and  more  people  are 
getting  interested  in  biologically  in¬ 
spired  methods  in  computer  science. 
And  we  have  the  kind  of  computer 
power  to  really  use  these  algorithms 
on  a  much  larger  scale.  They  are  very 
computationally  intensive,  and  a  lot 
of  people  are  now  looking  at  genetic 
algorithms  implemented  on  a  parallel 
computer  or  some  large  network  of 
computers. 

Is  anything  holding  back  even  wider  use 
of  evolutionary  computing?  People  don’t 
understand  very  well  what  character¬ 
izes  problems  that  evolutionary  meth¬ 
ods  work  well  on.  That’s  an  open  prob¬ 
lem.  There’s  some  intuition,  but  no 
real  formal  analysis. 


Melanie  Mitchell  says  computer  scien¬ 
tists  and  biologists  can  learn  a  lot  from 
each  other.  She’s  studying  how  natural 
systems  perform  computation,  and  she’s 
using  her  findings  to  develop 
new  kinds  of  computational 
methods.  Mitchell  recently  told 
Computerworld’s  Gary  H. 

Anthes  how  we  can  solve  some 
complex  problems  by  letting  sys¬ 
tems  evolve  solutions  through  a  process 
of  natural  selection. 

Is  evolutionary  computing  beginning  to 
move  out  of  the  academic  realm?  This 
whole  field  has  really  exploded  recent¬ 
ly.  More  and  more  people  are  using 


Nevertheless,  what  can  you  say  about 
why  this  method  is  sometimes  so  effec¬ 
tive?  More  and  more  people  in  the 

field  of  artificial  intelligence 
are  finding  that  if  you  want  to 
create  very  complex  comput¬ 
ing  systems  that  act  intelli¬ 
gently  or  in  lifelike  ways, 
that’s  very  difficult  to  engi¬ 
neer  by  hand.  You  have  to  let  systems 
learn  on  their  own.  Evolutionary  com¬ 
puting  is  one  kind  of  machine  learning; 
neural  networks  is  another. 

You’re  doing  research  in  co-evolutionary 
computing.  How  does  that  differ  from 


FUTURE 

WATCHQ 


evolutionary  computing?  In  machine 
learning,  the  traditional  way  you  get  a 
system  to  do  what  you  want  is  you 
come  up  with  a  fixed  set  of  training  ex¬ 
amples  —  examples  of  the  problem  it’s 
going  to  be  faced  with.  Then  you  try 
the  system  out  on  the  training  exam¬ 
ples,  and  if  it  gets  the  right  answer,  it 
gets  credit,  and  if  it  gets  the  wrong  an¬ 
swer,  it  gets  punished. 

But  in  co-evolution,  you  actually 
evolve  the  training  examples,  and  they 
evolve  to  be  increasingly  challenging. 
So  you  try  to  evolve  test  cases;  you  are 
generating  them  dynamically.  Manu¬ 
facturing  systems  could  lend  them¬ 
selves  to  this,  because  you  might  try  to 
evolve  situations  that  would  break 
them  because  you  are  trying  to  make 
them  as  robust  as  possible. 

Will  computer  scientists  continue  to 
learn  lessons  from  biologists?  Yes. 
Learning  how  biological  systems 
process  information  will  eventually 
lead  to  new  kinds  of  computing  sys¬ 
tems.  One  of  the  problems  in  computer 
science  right  now  is  that  the  standard 
design  for  computing  is  very  unlifelike. 
Living  systems  have  many  relatively 
simple  components,  and  each  compo¬ 
nent  does  some  simple  thing,  but  col- 


ONLINE  RESOURCES 

©  Melanie  Mitchell’s  home  page: 
www.santafe.edu/-mm 

O  Evolving  Cellular  Automata  group  home  page: 
www.santafe.edu/-evca 

©  Papers  about  evolutionary  computing: 
www.santafe.edu/-mm/paper-abstracts.html 

©  The  Genetic  Algorithms  Archive: 
www.aic.nrl.navy.mil/galist/ 

lectively,  the  whole  network  of  compo¬ 
nents  computes  very  complicated 
things.  That  has  a  lot  of  advantages, 
such  as  it  can  be  much  faster  and  more 
robust. 

Can  you  give  an  example  of  such  a 
system?  Scientists  are  understanding 
more  and  more  about  how  the  immune 
system  is  really  an  information,  and 
in  some  ways  a  cognitive,  system.  So 
in  computer  security,  you  might  do 
immune-system-like  computation. 

Can  biologists  learn  from  computer 
scientists  as  well?  Absolutely.  It  cuts 
both  ways.  Computer  scientists  are 
thinking  about  information-processing 
in  machines,  and  sometimes  that  gives 
rise  to  new  ideas  in  biology.  Computer 
science  and  biology  are  intimately 
connected.  I 


Evolution  via  Genetic  Algorithms 


Imagine  a  very  complex  prob¬ 
lem-supply  chain  optimiza¬ 
tion,  for  example  -  in  which  a 
computer  generates  millions  of 
trial  solutions  completely  at 
random  and  then  picks  the  one 
with  the  lowest  cost.  Such  a  trial-and-error 
approach  isn’t  practical  with  big  problems 
because  there  are  just  too  many  combinations 
of  variables  to  try  even  a  small  fraction  of  them. 

However,  that’s  essentially  what  evolutionary 
computing  does  -  but  with  one  major  differ¬ 
ence.  It  converges  on  an  answer  by  breeding 
better  and  better  solutions  from  the  most 
promising  parents  in  each  generation  of  trials. 
Here’s  Melanie  Mitchell’s  explanation: 


“Evolutionary  algorithms  start  out  with  a  ran¬ 
domly  generated  population  of  from  50  to  500 
candidate  solutions.  At  each  time  step,  or  gen¬ 
eration,  all  the  individuals  are  evaluated  and  as¬ 
signed  a  number,  called  fitness.  It’s  a  measure 
of  how  good  a  solution  it  is.  Then  some  per¬ 
centage,  usually  between  20%  and  80%,  of 
the  highest-fitness  individuals  get  to  reproduce. 

“They  reproduce  two  ways:  by  cross-over, 
where  you  take  one  part  of  one  individual  and 
some  part  of  another  individual  and  combine 
them;  and  by  mutation,  where  you  randomly 
change  parts  of  an  individual.  The  offspring  are 
put  into  the  next  generation,  and  the  whole 
process  starts  again.” 

-  Gary  H.  Anthes 


FITNESS  LEVEL 
1=HIGHEST 
10=L0WEST 

■a  m 

rpl  tp 

i  i 


1 


□□□HU 

rfl  ryl  yi 

■ii 

■  i 

I 


Generation  1 


Generation  2 


Generation  3 


COMPUTERWORLD  July  22, 2002 


TECHNOLOGY 


[DEFINITION  | 

Unified  messaging  is  the  term  for  a  system  that 
provides  access  to  e-mail,  voice  and  fax  messages 
through  a  single  common  interface,  usually  an 
e-mail  client  application. 


QUICK 
ST 


BY  JAMES  COPE 

Although  differ¬ 
ent  ways  of  com¬ 
municating 

might  help  _ 

today’s  mo 
bile  workers  stay  in 
touch  with  business 
associates  and  family, 
having  too  many  com¬ 
munications  options  can  frus¬ 
trate  workers  and  diminish 
productivity.  A  simple  but  per¬ 
vasive  example  is  the  use  of 
two  voice  mail  systems,  one 
for  the  office  and  one  for  a 
mobile  phone. 

Add  to  this  the  incessant 
flow  of  paper  documents  from 
printers  and  fax  machines,  and 
it’s  no  wonder  that  many  in¬ 
formation  workers  sense 
they’ve  become  victims  of 
their  technologies. 

Part  of  the  answer  to  the 


AT  A  GLANCE 

Unified 

Messaging 

Voice,  fax  and  e-mail 
are  placed  in  the  enterprise 
e-mail  server  message  store. 


Where  traditional  PBX 
systems  are  still  in  use  in 
conjunction  with  data  net¬ 
works,  voice  messages  are 
stored  in  the  PBX  system 
and  then  duplicated  in  the 
data  message  store. 


'  All  messages,  be  they 
voice,  fax  or  e-mail  text, 
are  routed  to  a  recipient's 
e-mail  in-box. 


vexing  issue  of  managing  mul¬ 
tiple  message  delivery  systems 
is  routing  messages,  no  matter 
what  type,  to  the  user’s  e-mail 
_  in-box.  To  do  that,  uni¬ 
fied  messaging  vendors 
such  as  Avaya  Inc.  in 
Basking  Ridge,  N.J.,  Nor¬ 
tel  Networks  Ltd.  in 
Brampton,  Ontario,  and 
Cisco  Systems  Inc.  route  mes¬ 
sage  data  to  an  e-mail  server  — 
Microsoft  Exchange  or  Lotus 
Notes,  for  example  —  which 


UDY 


% 


How  It  Works 


MESSAGES 
COME  IN  VIA 

VOICE 
MAIL 
on  your 
own 
private 
number 


LIVE  PHONE 
OPERATOR 
MESSAGES 
on  your 
own  private 
number 


FAXES 
on  your 
own 
private 
number 


E-MAIL 
from  your 
unified 
messaging 
system 
address  and 
from  your 
existing 
address 


forwards  the  data  to  the  user’s 
e-mail  client  application. 

In  order  to  accommodate 
voice  messages,  the  unified 
messaging  vendor’s  system 
converts  them  to  digital  files 
that  can  be  stored  on  a  mail 
server  or  a  user’s  hard  drive 
like  any  other  data  file.  Simi¬ 
larly,  incoming  faxes  are  col¬ 
lected  by  a  fax  server,  convert¬ 
ed  to  image  files  and  sent  on 
to  the  mail  server.  The  mail 
server  subsequently  routes 


YOU  COLLECT 
THEM  FROM... 


PHONE 
via  e-mail 
text-to- 
speech,  fax 
or  voice  mail 


FAXES 

of  text 
messages 


WEB 
via  www. 
message 
collect.com 


E-MAIL  using 
any  external 
e-mail  address 


COMPUTER 
via  e-mail 
application 


PDA  or  hand¬ 
held  organizer 


PAGER  AND 
SMS  notifica¬ 
tions  and  full 
messages 


voice  and  fax  messages  to  the 
user’s  e-mail  application,  such 
as  Microsoft  Outlook  or  the 
Lotus  Notes  client  application. 

Assuming  the  user  has  au¬ 
dio  drivers  and  a  speaker  or 
headphones,  he  can  simply 
click  the  attachment  to  play 
the  voice  mail  audio  file.  He 
can  also  click  an  attachment  to 
review  a  fax  on  screen  using 
his  image-viewing  application. 

Behind  the  Scenes 

While  the  technology  in¬ 
volved  in  unified  messaging 
seems  to  beg  for  an  all-IP  ap¬ 
proach  instead  of  a  separate 
private  branch  exchange 
(PBX)  system  for  voice  and  an 
IP  network  for  data,  the  reality 
is  that  most  large  companies 
still  have  PBX  voice  messag¬ 
ing  systems  that  work  just 
fine.  And  most  companies 
aren’t  willing  to  replace  some¬ 
thing  that  works  just  fine. 

Thus,  network  equipment 
vendors  have  been  bridging 
the  gap  between  traditional 
PBX  corporate  phone  systems 
and  existing  data  networks. 
The  idea  is  to  show  voice 
messages  in  a  user’s  e-mail 
in-box  even  though  they  may 
also  be  left  on  a  PBX-based 
voice  mail  system. 

How  vendors  approach 
building  this  bridge  depends 
on  what  side  of  the  river  they 
started  from.  For  example,  the 
big  North  American  PBX  man¬ 
ufacturers,  Avaya  and  Nortel, 
have  worked  to  connect  their 
PBX-based  voice  messaging 
systems  to  data  networks.  Cis¬ 
co,  which  came  from  the  data 
networking  side  with  its  IP- 
based  switching  and  routing 
equipment,  has  reached  out  to 
interface  its  voice-over-IP  uni¬ 
fied  messaging  system  with 
existing  PBX  systems. 

Despite  their  different  start¬ 
ing  points,  these  and  other 
vendors  and  are  now  building 


Beyond  the 
Single  In-box 

A  single  PC-based  in-box  for 
voice,  fax  and  e-maii  messages 
may  be  convenient  enough  for 
employees  who  work  from  a 
single  office  or  who  travel  occa¬ 
sionally.  But  it  just  doesn’t  do 
the  job  for  workers  who  alter¬ 
nate  between  different  sites  or 
are  on  the  road  three  or  four 
days  a  week. 

As  a  result,  there’s  been  a 
growing  interest  in  ways  to  ac¬ 
cess  and  control  the  flow  of  in¬ 
formation  through  conventional 
and  mobile  telephones.  So  a 
mobile  worker  may,  instead  of 
accessing  voice  mail  and  e-mail 
over  a  dial-up  connection,  call 
his  message  box  from  a  cell 
phone  to  retrieve  both  voice 
and  text  messages.  A  text-to- 
speech  engine  would  read 
e-mail  messages  to  the  user. 

The  latest  unified  messaging 
systems  enable  end  users  to 
set  rules  for  how  an  automated 
call  agent  handles  incoming 
calls  to  a  single  phone  number. 
The  user  can  specify  who  gets 
through  live  and  who  goes  to 
voice  mail,  based  on  their 
recorded  name  or  caller  ID. 

Moreover,  the  user  can  in¬ 
struct  the  agent  to  route  calls  to 
different  phones  during  certain 
time  periods  -  for  example,  all 
calls  can  be  sent  to  the  office 
phone  on  Mondays  and  Tues¬ 
days,  to  a  mobile  phone  on 
Wednesdays  and  Thursdays, 
and  to  a  home  phone  on  Fridays. 

-  James  Cope 


unified  messaging  systems 
that  treat  e-mail,  voice,  fax  and 
even  video  as  simply  different 
forms  of  data.  When  it  comes 
time  to  replace  the  old  PBX- 
based  voice  mail  system,  it 
will  just  be  put  aside  and  the 
data  network  will  take  over 
the  job.  I 


Cope  is  a  Computerworld  con¬ 
tributing  writer.  You  can  reach 
him  at  jc@jamescope.com. 


UNIFIED  MESSAGING 
AS  A  SERVICE 


Find  out  about  one  busy  exec's  experience 
using  a  messaging  ASP. 


OQuickLink:  31195 

www.computerworld.com 


36 


TECHN0L06Y 


COMPUTERWORLD  July  22, 2002 


Recruiting  Effort  Draws 
‘Articulate  Incompetents’ 


As  the  search  for  security  talent 
comes  up  short,  Mathias  tunes 
the  IDS  to  reduce  the  monitoring 
workload.  By  Mathias  Thurman 


IT’S  BEEN  ALMOST  A 

month  since  I  lost  two 
security  staffers,  and  I 
still  haven’t  found  re¬ 
placements.  Although 
we’ve  found  plenty  of  candi¬ 
dates,  few  have  been  truly 
qualified. 

What’s  worse,  the 
unqualified  candi¬ 
dates  have  been  get¬ 
ting  through  our 
screening  process.  I 
assumed  that  the  re¬ 
cruiters  we  hired 
were  filtering  out 
candidates  so  that  those  who 
came  in  for  an  interview 
would  at  least  be  somewhat 
qualified  for  the  job.  They’re 
not.  I’ve  interviewed  about  a 
dozen  people,  and  only  one 
was  even  remotely  qualified. 

The  other  candidates  were 
either  fresh  out  of  school  and 
had  no  experience  or  were 
what  I  call  articulate  incom¬ 
petents.  These  “security  pro¬ 
fessionals”  could  talk  the  talk 
but  couldn’t  add  a  user  to  a 
Unix  system  if  their  lives  de¬ 
pended  on  it. 

If  you’re  going  to  use  re¬ 
cruiters  to  screen  candidates, 
you  need  to  provide  them  with 
a  list  of  technical  questions 
that  anyone  applying  for  the 
position  should  be  able  to  an¬ 
swer.  For  example,  a  security 
engineer  with  Solaris  experi¬ 
ence  should  be  able  to  describe 
the  proper  command  to  con¬ 
figure  a  network  interface. 

I’m  now  giving  my  recruiters 
a  set  of  such  questions  with  the 
correct  answers.  Armed  with 
this  resource,  the  recruiters 
should  be  able  to  filter  out 
those  who  have  good-looking 
resumes  but  lack  practical  ex¬ 
perience.  This  should  reduce 


the  time  wasted  interviewing 
bad  candidates.  But  it  won’t 
solve  the  basic  problem:  Good 
candidates  are  difficult  to  find. 

Meanwhile,  my  arrangement 
with  the  network  operations 
center  (NOC)  staff  to  pick 
up  some  of  the  day-to-day  ad¬ 
ministration  tasks 
is  going  smoothly. 
They’re  handling  our 
Tripwire  and  Se- 
curlD  infrastructure, 
and  so  far,  only  a 
couple  of  Tripwire 
incidents  needed  my 
attention.  Fortunately,  those 
alerts  were  false  positives. 

The  Art  of  IDS  Maintenance 

I’ve  been  spending  a  consid¬ 
erable  amount  of  time  during 
the  past  few  days  tuning  the 
three  Snort  intrusion-detection 
system  (IDS)  sensors.  We  de¬ 
ployed  these  sensors  in  north¬ 
ern  California,  the  Southeast 
and  the  Midwest,  and  all  are 
configured  to  watch  our  inter¬ 
nal  corporate  LAN  traffic. 
We’ve  placed  them  on  the  net¬ 
work  so  they  watch  only  the 
traffic  in  and  out  of  the  internal 
corporate  firewalls.  We  also 
have  Cisco  IDS  sensors  that 
watch  the  external  firewalls. 


Tuning  an 
IDS  is  a  very 
time-consuming 
and  draining 
process. 


but  those  have  been  tuned  and 
are  working  properly.  I  manage 
them  separately,  but  they  all  re¬ 
port  to  a  central  console. 

Tuning  an  IDS  is  a  very 
time-consuming  and  draining 
process.  But  it’s  also  educa¬ 
tional,  because  you  become 
intimately  familiar  with  how 
the  network  is  configured  and 
managed.  By  tuning  the  IDS 
engines,  I’ve  also  gotten  to 
know  other  individuals  within 
the  IT  organization  better. 

The  problem  with  tuning 
an  IDS  is  that  you  don’t  want 
to  filter  out  something  that 
could  be  indicative  of  hacker 
activity.  For  example,  because 
of  the  way  our  company  moni¬ 
tors  the  network,  we  have  an 
excessive  amount  of  Simple 
Network  Management  Proto¬ 
col  (SNMP)  traffic.  But  we 
also  need  to  watch  for  several 
known  SNMP  exploits,  so  I 
don’t  want  to  configure  my 
IDS  engines  to  ignore  SNMP 
traffic  completely.  The  trick  is 
to  determine  which  traffic  is 
legitimate  and  then  place  fil¬ 
ters  within  the  IDS  software 
so  that  legitimate  SNMP  traf¬ 
fic  won’t  trigger  an  alert  but 
other  SNMP  traffic  will. 

In  tuning  our  IDS,  I’ve  had 
to  address  dozens  of  these 
types  of  scenarios.  Instant 
messaging  traffic  is  another 
example.  Normally,  it’s  against 
most  companies’  policies  to  al¬ 
low  this  type  of  activity.  How¬ 
ever,  while  investigating  this 
traffic,  I  found  that  the  techni¬ 
cal  support  centers  use  it  to 
communicate  with  customers. 

I  can’t  just  block  this  traffic 
completely,  so  I  set  up  filters 
that  disregard  traffic  from  the 
tech-support  network  IP  ad¬ 
dress  range  but  pay  attention 
to  the  rest  of  the  network. 
Granted,  instant  messaging 
isn’t  a  large  security  risk,  but 
it  is  a  violation  of  our  policy. 

Music-sharing  programs  are 
another  big  problem.  Several 
programs  allow  users  to  find, 


share  and  download  music 
and  full-length  movies  off  the 
Internet.  Using  them  is  against 
our  policy.  So  it  came  as  a  sur¬ 
prise  when  I  discovered  that 
over  60%  of  the  total  traffic  at 
one  of  our  remote  locations 
was  from  music-sharing.  To 
address  this  problem,  I  put  in 
a  change  control  that  blocks 
this  traffic  at  the  firewall. 

Things  to  Know 

To  tune  an  IDS  engine,  you 
have  to  understand  your  net¬ 
work  and  the  way  it’s  man¬ 
aged,  monitored  and  adminis¬ 
tered.  And  you  have  to  know 
what  applications  employees 
are  using,  since  the  use  of 
those  applications  might  cre¬ 
ate  false  positives. 

Some  traffic  can  be  dealt 
with  technologically  (block¬ 
ing  its  access  at  the  firewall), 
while  other  traffic  can  be  dealt 
with  administratively  (con¬ 
tacting  individuals  or  man¬ 
agers).  Other  traffic  has  to  be 
tweaked  and  filtered  so  the 
IDS  infrastructure  is  effective 
enough  to  issue  alerts  about 
real  suspicious  traffic  while 
letting  legitimate  traffic  pass. 

Is  this  a  completely  reliable 
way  to  deal  with  these  prob¬ 
lems?  Probably  not.  But  be¬ 
cause  we’re  short-staffed,  I 
have  to  adjust  my  environ¬ 
ment  so  my  entire  day  isn’t 
consumed  with  responding  to 
IDS  alerts.  Eventually,  I’ll  train 
the  NOC  analysts  to  monitor 
the  IDS  engines.  But  for  now, 

I  need  to  give  myself  some 
breathing  room  and  time  to 
attend  to  other  matters,  i 


WHAT  DO  YOU  THINK? 

This  week’s  journal  is  written  by  a  real 
security  manager,  “Mathias  Thurman," 
whose  name  and  employer  have  been 
disguised  tor  obvious  reasons.  Contact  him 
at  mathias_thurman@yahoo.com,  or  join  the 
discussion  in  our  forum. 

QuickLink:  a1590 

To  find  a  complete  archive  of  our 
Security  Manager’s  Journals,  go  online  to 

O  computerworld.com/secjournal 


SECURITY 
MANAGER'S 
JOURNAL a 


SECURITY  106 


USER  REVIEW 

Tripwire 
Manager  3.0 

Version  3  of  Tripwire  Manager, 
the  central  console  for  manag¬ 
ing  servers  running  IDS  soft¬ 
ware  from  Tripwire  Inc.  in  Port¬ 
land,  Ore.,  has  some  cool  new 
features.  My  favorite  is  the 
ability  to  run  a  script  when 
Tripwire  detects  a  file  change. 

You  can  also  group  ma¬ 
chines  according  to  cate¬ 
gories  such  as  function  or 
location,  require  administra¬ 
tors  to  enter  their  names  and 
reasons  for  changes,  and  have 
multiple  instances  of  Tripwire 
running  on  a  single  system  to 
allow  concurrent  use. 

Those  features  were 
enough  to  earn  Tripwire  Man¬ 
ager  3  a  place  in  my  security 
infrastructure. 

-  Mathias  Thurman 


1.2%  Don’t  know 


Certification  Pays 

The  impact  of  Check  Point 
Certified  Security  Engineer 
certification  on  promotions  of 
network  security  personnel: 


41.3% 

Required  - 

Positive  factor 

won’t  promote 
without 

-  more  likely 

¥V  1 II  IV  U  & 

to  promote  4; 

No  impact/ 
not  a  factor 


SOURCE:  IDC  TELEPHONE  SURVEY  OF 
80  IT  PROFESSIONALS  IN  VERTICAL  IN¬ 
DUSTRIES.  2001 


Security  Q&A  Line 

Got  a  security  question? 
ITsecurity.com  offers  a  free 
resource  ( www.itsecurity : 
com/asktecs/asktecs.htm ) 
that  might  provide  the  an¬ 
swer.  The  Security  Clinic 
offers  the  expertise  of  more 
than  120  professionals  who 
provide  answers  to  questions 
posted  at  its  Web  site. 

But  don’t  expect  them  to 
help  you  configure  that  fire¬ 
wall:  A  spokesman  says  the 
experts  won’t  answer  ques¬ 
tions  that  should  be  directed 
to  a  product  support  line. 


COMPUTERWORLD  July  22, 2002 


MANAGEMENT 


THIS  WEEK 


PROJECT  MANAGEMENT 
TO  THE  EXTREME 

Some  companies  are  turning  to  an 
emerging  methodology  called  ex¬ 
treme  project  management,  a  radi¬ 
cal  approach  whereby  IT  managers 
focus  almost  exclusively  on  the 
needs  of  end  users.  PAGE  38 


MAKING  REALISTIC 
ROI  CALCULATIONS 

Even  in  today’s  cost-conscious  cli¬ 
mate,  IT  leaders  rarely  know  what 
questions  to  ask 
when  trying  to 
determine  re¬ 
turns  on  tech¬ 
nology  invest¬ 
ments.  That’s 
why  leaders 
such  as  Merrill 
Lynch’s  Marvin 
Balliet  (left)  use 
a  template  of  questions  they  can 
continuously  ask  to  keep  projects 
on  track.  PAGE  44 


JOIN  THE  CTO  CLUB 

Outside  of  a  few  MBA  programs, 
schools  don’t  offer  curricula  that 
teach  IT  professionals  how  to 
become  chief  technology  officers. 
Regional  CTO  clubs  can  help  fill 
that  void  for  aspiring  technology 
managers  and  CTOs  who  want  to 
network  with  their  peers.  PAGE  46 


CAREER  ADVISER 

Fran  Quittel  offers  advice  to  a  busi¬ 
ness  analyst  who  wants  to  work  on 
an  e-commerce  initiative,  an  IT/ 
finance  professional  who  wants  to 
know  whether  she  should  expect 
any  improvements  in  the  New  York 
job  market  and  an  application  de¬ 
veloper  who’s  considering  a  switch 
to  systems  integration  and  middle- 
tier  development.  PAGE  47 


JOHN  BERRY 


Strategic  Measurement 


WHEN  ARE  YOU  supposed  to  build  an  economic  value 

model  to  justify  a  proposed  information  technology 
investment?  Whenever  the  CFO  or  CIO  asks  you  to. 

But  a  more  subtle  answer  rests  in  a  decision  frame¬ 
work  that  can  enlighten  measurement  practices  by  the 
nature  of  the  IT  investment  a  company  wants  to  make.  This  framework 
suggests  that  rigorous  measurement  isn’t  so  important  when  investing  in 


certain  kinds  of  technology,  which  may  be  seen  as 
heresy  given  today’s  urge  to  measure. 

When  seeking  approval  for  an  IT  investment,  tech¬ 
nology  professionals  should  be  as  interested  in  know¬ 
ing  when  to  measure  as  in  how  to  measure.  We  know 
that  the  company’s  culture  and  financial  condition, 
plus  the  CFO’s  predisposition,  can  determine  mea¬ 
surement  practices.  So,  too,  should  the  nature  and 
class  of  the  technology. 

Here’s  the  simple  argument:  Some  IT  is  needed  to 
run  the  company,  and  it  enables  the  deployment  of 
more  strategic  kinds  of  technology.  Is  it  really  neces¬ 
sary  to  even  attempt  to  model  the  internal  rate  of 
return,  discounted  cash  flow  or  even  the  payback  of, 
say,  a  WAN  or  storage  investment?  A  rigorous  finan¬ 
cial  model  might  determine  when  in  a  company’s  in¬ 
vestment  cycle  such  an  investment  can  be  made,  but 
the  model  should  have  little  bearing  on  if  it’s  to  be 
made.  Clearly,  the  investment  should  be  made  since 
this  kind  of  IT  supports  more  strategic  technologies. 

Consider  what  I  call  the  economic  value  depiction 
pyramid.  It  helps  answer  this:  When  is  it  OK  to  con¬ 
fine  a  business  case  to  a  one-page  summary  or  de¬ 
fense  of  the  investment,  rather  than  a  detailed  mea¬ 
surement  exercise  in  which  each  cost  and  benefit 
metric  —  however  arrived  at  —  decorates 
an  ROI  calculation?  Consider  network- 
attached  storage.  Let’s  say  your  company 
is  adding  three  applications  and  a  couple 
of  new  data  stores,  and  e-commerce  traffic 
is  picking  up.  The  sheer  volume  of  infor¬ 
mation  seems  unrelenting.  As  costly  as 
new  storage  technologies  are,  would  a 
payback  period  calculation  do  any  more 
to  secure  the  investment  than  if  you  pre¬ 
sented  that  list  of  company  realities? 

At  the  bottom  of  the  pyramid  are  the 
infrastructure-support  kinds  of  IT:  net¬ 
works,  storage,  operating  systems,  servers 
and  databases.  Moving  up  the  pyramid,  we 
find  more  support  types  of  IT:  systems-of- 
record  applications  —  accounting,  budget¬ 


ing,  inventory  —  and  desktop  and  collaboration  soft¬ 
ware.  From  this  level,  we  move  into  the  “magic  king¬ 
dom”  of  strategic  IT:  customer  relationship  manage¬ 
ment,  supply  chain,  field-force  automation  —  anything 
that  can  give  a  company  a  competitive  advantage. 

As  we  move  further  up  the  pyramid,  two  things 
happen:  The  kinds  of  metrics  used  to  model  the  ben¬ 
efits  change,  and  the  pyramid  narrows.  The  higher  up 
the  pyramid,  the  more  the  metrics  focus  on  strategic 
issues,  such  as  increased  market  share,  reduced  cycle 
times  and  increased  revenue. 

The  narrowing  of  the  pyramid  symbolizes  confine¬ 
ment;  the  more  strategic  the  IT,  the  less  room  for 
measurement  error.  The  higher  you  climb,  the  more 
rigor  and  accuracy  are  required.  This  doesn’t  mean 
that  measurement  of  the  support  kinds  of  IT  can  be 
cursory  or  slipshod.  Nor  should  we  confuse  strategic 
for  complex.  A  storage-area  network  is  as  complex  a 
proposition  as  an  integrated  marketing  automation 
application.  However,  strategic  IT  introduces  novelty 
—  new  ways  of  organizing  business  processes  and 
defining  job  roles. 

Many  will  object  to  this  framework  of  aligning 
measurement  rigor  against  class  of  technology.  Enter¬ 
prise  resource  planning  (ERP),  for  instance,  can  be 
viewed  as  an  infrastructure  or  support 
type  of  software  because  the  entire  com¬ 
pany  depends  on  it,  so  ERP  is  both  strate¬ 
gic  and  essential.  And  a  company  might 
invest  in  point-to-point  T1  connectivity 
between  dispersed  facilities  as  a  strategic 
weapon,  since  it  might  allow  the  company 
to  more  effectively  collaborate  in  deliver¬ 
ing  a  product  or  service,  enhancing  its 
competitive  position. 

These  exceptions  reinforce  this  general 
rule:  Some  IT  is  essential  but  not  strategic, 
and  never  will  be.  Companies  that  accept 
the  contours  of  this  proposition  will  spend 
less  time  measuring  what’s  immeasurable 
and  more  time  measuring  what’s  novel 
and,  perhaps,  able  to  generate  revenue,  t 


john  berry  is  an  IT 

management  consultant 
and  analyst  in  Bend,  Ore 
He's  currently  writing 
a  book  about  the  mea¬ 
surement  of  intangible 
assets.  Contact  him  at 
vision@according2jb.com 


COMPUTERWORLD  July  22, 2002 


MAKAGEMENT 


Want  to  really 
get  your  business 
clients  engaged 
in  their  projects? 
Try  this. 

By  Kathleen 
Melymuka 


hen  it  project  manager 
Steve  Hawrysh  was 
brought  in  to  a  Midwest¬ 
ern  fulfillment  services 
company  to  fix  a  half- 
million-dollar  project  that  was  going 
nowhere,  the  first  thing  he  noticed  was 
that  there  was  no  real  agreement  on 
what  the  project  was  about.  The  goal 
seemed  to  be  to  port  existing  main¬ 
frame  capabilities  to  a  client/server  en¬ 
vironment,  but  no  one  seemed  to  know 
why.  “Nobody  had  really  challenged 
the  business  to  say,  ‘Why  are  you  doing 
this?’  ”  recalls  Hawrysh,  an  indepen¬ 
dent  consultant  in  Plymouth,  Minn. 

Using  extreme  project  management 
tools,  he  forced  the  business  unit  peo¬ 
ple  to  figure  out  what  they  really  want¬ 
ed  and  to  realize  that  they  didn’t  have 


the  time  or  resources  to  do  it.  The 
project  was  canceled. 

“That  was  a  success,”  he  says,  “be¬ 
cause  I  saved  them  $450,000.” 

“Most  projects  that  fail,  fail  before 
they  start,”  says  Rob  Thomsett,  a  se¬ 
nior  consultant  at  Cutter  Consortium 
in  Arlington,  Mass.  Thomsett  is  a  lead¬ 
ing  proponent  of  extreme  project  man¬ 
agement  and  author  of  Radical  Project 
Management  (Prentice  Hall  PTR, 

2002).  Studies  such  as  “The  Chaos 
Chronicles”  by  The  Standish  Group  In¬ 
ternational  Inc.  in  West  Yarmouth, 
Mass.,  show  that  IT  projects  fail  be¬ 
cause  of  lack  of  stakeholder  involve¬ 
ment,  incomplete  requirements,  lack  of 
sponsor  support  or  unrealistic  expec¬ 
tations  —  in  a  phrase:  lack  of  commit¬ 
ment  from  your  business  customers. 

Extreme  project  management  is  a 
new  approach  that’s  relatively  un¬ 
known  in  the  U.S.  It  requires  the  proj¬ 
ect  manager  to  leave  the  technology  to 
the  tech  team  and  concentrate  his  en¬ 
ergies  on  managing  critical  stakehold¬ 
ers.  It  grew  out  of  the  extreme  pro¬ 
gramming  movement  of  the  mid-’90s,  a 
radical  version  of  rapid  application  de¬ 
velopment  that  emphasizes  IT/busi- 
ness  teamwork  to  provide  enhanced 
customer  satisfaction.  (For  more  on 
extreme  programming,  go  to  www. 
extremeprogramming.org .) 

“It’s  called  ‘extreme’  because  it  goes 
against  common  practice  and  is  suited 
to  projects  being  done  in  chaotic  envi¬ 
ronments  under  severe  constraints,” 
says  Thomsett,  who  does  most  of  his 
work  in  Australia  for  companies  such 
as  A.M.P.  Ltd.  and  Westpac  Banking 
Corp.,  both  in  Sydney.  “It’s  like  ex¬ 
treme  sports  in  that  you  have  to  be 
really  proficient  to  do  it.” 

Thomsett  has  developed  a  set  of 
tools  that  are  paper-based  exercises 
designed  to  get  stakeholders  engaged. 
Project  managers  who  have  used  the 
tools  swear  by  them.  “This  process 
makes  sure  you’re  adding  value  to  the 
company,”  Hawrysh  says.  “It  makes 
you  think  about  why  we’re  doing  it.” 

“In  a  traditional  project,  if  it’s  not 
going  to  be  done  on  time,  someone  has 
to  break  the  news  to  executives,”  says 
Christine  Moore,  vice  president  of  de¬ 
livery  services  at  Caribou  Lake  Soft¬ 
ware  LLC,  a  Minneapolis  firm  that 
does  custom  software  development. 
“Here,  there’s  no  news  to  break.  If 
you’re  extreme,  everyone  is  in  it  daily.” 

The  following  are  four  extreme  tools 
that  you  can  try.  Project  managers  say 
that  these  tools,  if  used  diligently  and 
within  the  context  of  a  so-called  Rapid 
Project  Planning  session  [QuickLink: 
31177],  virtually  guarantee  that  your 


business  clients  will  take  charge  of  the 
project. 


T00L1 


Sliders:  What 
Success  Looks  Like 


Traditionally,  projects  are  deemed  suc¬ 
cessful  if  they’re  on  time  and  on  bud¬ 
get,  but  any  business  person  stuck  with 
a  new  system  that  doesn’t  add  value 
can  tell  you  there’s  more  to  success 
than  that.  “The  Holy  Grail  is  not  mod¬ 
eling  requirements,  it’s  modeling  ex¬ 
pectations,”  says  Thomsett. 

This  exercise  requires  critical  stake¬ 
holders  to  draw  a  detailed  picture  of 
what  project  success  will  look  like,  us¬ 
ing  “sliders”  that  can  be  turned  all  the 
way  on  (Level  5)  all  the  way  off  (Level 
1)  or  anywhere  in  between,  depending 
on  how  important  each  of  seven  crite¬ 
ria  is  to  the  project’s  success  (see  illus¬ 
tration,  next  page)  “This  determines 
everything,”  says  Thomsett. 

Project  managers  say  sliders  help 
them  understand  whom  they’re  deal¬ 
ing  with.  Stakeholders  in  a  financial 
system,  for  example,  may  turn  up  the 
budget  slider  but  not  care  as  much 
about  deadlines.  Stakeholders  in  a 
Web-based  customer-facing  project 
may  place  more  emphasis  on  quality. 

Sliders  graphically  demonstrate  that 
when  resources  are  limited,  something 
has  to  give.  “The  tool  forces  [stake¬ 
holders]  to  face  their  own  expecta¬ 
tions,”  says  Brian  Walden,  a  program 
manager  at  AMP  (U.K.)  Financial  Ser¬ 
vices  Ltd.  in  Peterborough,  Australia, 
who  has  used  extreme  project  manage¬ 
ment  extensively. 

James  Peterson  (not  his  real  name), 
is  an  IT  project  manager  at  a  large  U.K. 
bank  who  asked  to  remain  anonymous 
because  his  company  is  publicity-shy. 
The  first  time  he  used  sliders,  nearly 
everybody  turned  all  of  them  all  the 
way  on  for  a  project  with  limited  funds 
and  a  tight  deadline.  Then  one  busi¬ 
ness  analyst  got  it:  “Look,”  he  said. 

“You  can’t  buy  a  Rolls  Royce  for 
$10,000;  you  buy  a  really  good  used 
Toyota  that  will  get  you  from  A  to  B.” 

Suddenly,  everybody  understood  the 
tool,  Peterson  says.  “Budget  and  time 
became  fully  switched  on,  value  to  the 
organization  received  a  4,  quality  re¬ 
ceived  a  2,  satisfied  customers  3,  and 
the  group  accepted  that  they  won’t  get 
too  much  personal  satisfaction  out  of 
the  project  because  most  of  them 
wanted  the  Rolls  Royce,”  he  says. 

Sliders  also  do  away  with  many  sur¬ 
prises.  “There  will  be  no  death  march 
without  knowing  in  advance  because 
they  say  upfront  how  important  team 
satisfaction  is,”  Thomsett  explains. 

Most  important,  sliders  facilitate 


COMPUTERWORLD  July  22, 2002 


MANAGEMENT 


SLIDERS:  In  this  project,  budget  and  satisfaction  are 
expendable.  Meeting  the  deadline  is  a  must.  Meeting 
objectives  with  quality  work  is  extremely  important. 


Have  satisfied  client  groups 


Meet  objectives/requirements 


Meet  an  agreed  budget 


Deliver  the  product  on  time 


Add  value  for  the  organization 


Meet  quality  requirements 


Professional  satisfaction  for  project  team 


A  Sampling  of  the  Tools 


IS/IS  NOT  SCOPE  PLANNING:  The  critical  stakeholders  of  a  proj¬ 
ect  to  add  pages  to  a  Web  site  might  make  the  following  deci¬ 
sions  about  what  is  and  is  not  within  the  scope  of  the  project: 


IS 

IS  NOT 

Creating  new  pages  using  the 
design  and  implementation 
standards  of  the  current 
pages  on  the  site 

Working  with  marketing  on 
redesign  of  current  user 
interface 

Ensuring  that  pages  will  equal 
or  exceed  functionality  of 
existing  pages 

Solving  performance 
issues  in  current  pages 

Making  new  pages  available 
to  all  who  access  current  site 

Facilitating  additional  access 
to  the  site 

Soliciting  feedback  from 
e-commerce,  call  center, 
marketing  and  product  devel¬ 
opment 

Soliciting  feedback  from 
other  departments 

THE  QUALITY  AGREEMENT:  Each  critical  stakeholder  votes  on  which 
of  10  attributes  are  essential  to  the  project.  The  sponsor  uses  their 
input  to  make  the  final  decisions. 


ATTRIBUTES 

HR 

LEGAL 

MARKETING 

Conformity 

Yes 

Yes 

Yes 

No 

Yes 

Usability 

No 

No 

No 

Yes 

Yes 

Efficiency 

No 

No 

Yes 

No 

Yes 

Maintainability 

No 

No 

No 

Yes 

Yes 

Reusability 

Yes 

Yes 

No 

Yes 

No 

Flexibility 

Yes 

Yes 

No 

Yes 

Yes 

Reliability 

Yes 

No 

Yes 

Yes 

Yes 

Portability 

Yes 

Yes 

Yes 

Yes 

Yes 

Auditability/Security 

Yes 

Yes 

No 

Yes 

No 

Job  impact 

Yes 

Yes 

No 

Yes 

Yes 

communication  and  expose  hidden 
agendas  because  stakeholders  have  to 
agree  on  slider  placement.  “If  you  can’t 
get  an  agreement  from  critical  stake¬ 
holders,  walk  away,”  Thomsett  says. 


TOOL  2 


Is/ls  Not: 

Scope  Planning 


“A  circle  is  defined  by  what  is  outside 
as  well  as  what  is  inside,”  Thomsett 
says.  The  same  goes  for  your  project. 
The  key  to  scoping  is  to  get  your  stake¬ 
holders  to  define  not  only  what  is 
within  the  scope  of  the  project,  but 
also  what  isn’t  (see  illustration). 

Stakeholders  are  asked  to  name 
things  that  are  inside  and  outside  the 
project  scope.  For  example,  if  your 
team  will  be  creating  new  pages  for  a 
Web  site,  then  “creating  new  pages” 
would  go  under  “is.”  But  if  the  team 
won’t  be  enhancing  current  pages,  that 
goes  under  “is  not.” 

Continue  this  as  long  as  you  can, 
Thomsett  advises.  “The  further  down 
you  go,  the  clearer  it  becomes,”  he  says. 

“It  gets  people  thinking,”  says 
Hawrysh.  “It  really  helps  identify  what 
this  thing  is  you’re  working  on.” 

“People  think  they  know  what  the 
project  is,  but  you  find  that  no  one  is 
really  on  the  same  page,”  says  Moore. 

As  project  manager,  whether  an  ob¬ 
jective  is  inside  or  outside  the  scope  is 
not  your  concern.  The  executive  spon¬ 
sor  “owns”  the  project;  you  merely  fa¬ 
cilitate.  “Let  them  fight  over  it,”  Thom¬ 
sett  says.  If  there’s  anything  that  stake¬ 
holders  can’t  agree  on,  it  goes  to  the 


executive  sponsor  for  resolution. 

In  the  end,  everything  outside  the 
scope  either  is  assigned  to  a  stakehold¬ 
er,  becomes  a  different  project  or  sim¬ 
ply  won’t  be  done. 

“Projects  are  defined  more  clearly.  It 
brings  out  the  queries  much  earlier,” 
Walden  says.  In  fact,  he  says,  projects 
are  often  canceled  when  the  “is/is  not” 
session  makes  stakeholders  realize  that 
they’re  not  prepared  to  pay  for  the  full 
scope. 


TOOL  3 


Stakeholder 

Agreement 


Everything  that  is  not  within  the  proj¬ 
ect  scope,  but  is  essential  for  the  proj¬ 
ect  (such  as  outsourced  program¬ 


ming),  is  assigned  to  a  stakeholder, 
who  completes  and  signs  a  stakeholder 
agreement. 

In  traditional  project  management, 
stakeholders  are  expected  to  take  on 
responsibilities,  but  there’s  no  ac¬ 
countability,  Thomsett  says.  For  exam¬ 
ple,  if  a  subtask  is  to  be  outsourced  and 
■  the  stakeholder  doesn’t  get  around  to 
it,  the  project  team  may  end  up  doing 
the  task  by  default,  expanding  scope 
and  increasing  risk  without  any  recog¬ 
nition  that  it’s  doing  so.  To  avoid  this, 
it’s  essential  to  formally  analyze,  nego¬ 
tiate  and  agree  in  writing  with  each 
critical  stakeholder  on  the  services 
that  are  expected,  the  dates  or  timing 
of  services,  cost  to  the  stakeholder  of 


Doing  Lattes 

“PROJECTS  FAIL  IN  THE  CONTEXT,  not 
the  content,”  says  Rob  Thomsett,  a  senior 
consultant  at  Cutter  Consortium  and  a  lead¬ 
ing  proponent  of  extreme  project  manage¬ 
ment. 

Thomsett  likens  a  project  to  two  concen¬ 
tric  circles.  The  inner  circle  represents  the 
project  content  -  the  technical  deliverables. 
The  outer  circle  represents  context  -  the 
managerial  and  sociopolitical  environment. 
Traditional  project  management  is  focused 
inward,  he  says,  but  extreme  project  man¬ 
agement  focuses  outward. 

The  bigger  the  project,  the  more  time  the 
project  manager  needs  to  spend  on  context. 
In  big  projects,  project  managers  should  be 


spending  70%  to  80%  of  their  time  “doing 
lattes”  with  stakeholders,  he  says.  That 
means  schmoozing,  politicking,  keeping 
them  in  the  loop,  keeping  up  their  interest 
and  commitment,  getting  their  input.  Re¬ 
member,  says  Thomsett,  it's  their  project.  As 
project  manager,  you  are  merely  the  “pas¬ 
sive  conduit  of  their  hopes  and  dreams." 

“These  things  are  easy  to  say,  but  in  prac¬ 
tice  very  hard  to  do,”  says  Christine  Moore, 
vice  president  of  delivery  services  at  Caribou 
Lake  Software.  “Project  managers  used  to 
assign  tasks;  now  you  have  to  work  on  rela¬ 
tionships  with  people  and  keep  them  in¬ 
volved  and  committed.  The  customer  may 
say,  ‘I  can’t  be  there  that  day.'  People  may 
lose  commitment.  Your  role  really  is  running 
around  'doing  lattes.’ " 

-  Kathleen  Melymuka 


providing  the  service,  and  an  alternate 
source  for  obtaining  the  service. 


TOOL  4 


The  Quality 
Agreement 


What  level  of  quality  is  required?  The 
quality  agreement  lists  10  attributes  for 
the  project.  The  stakeholders  must 
agree  on  which  are  essential.  The  proj¬ 
ect  manager  doesn’t  care  which  attrib¬ 
utes  the  stakeholders  choose.  He  mere¬ 
ly  informs  them  that  for  every  attribute 
required,  both  the  risk  and  cost  go  up. 

The  quality  agreement  sets  the  base¬ 
line  for  all  project  quality  assurance 
going  forward. 


Not  for  Wimps 

Extreme  project  management  isn’t  for 
everyone.  It  takes  project  managers 
with  the  courage  and  executive  back¬ 
ing  to  make  the  stakeholders  toe  the 
line,  and  it  takes  business  people  will¬ 
ing  —  or  compelled  by  senior  execu¬ 
tives  —  to  commit  real  elbow  grease  to 
a  project.  But  the  payback  is  worth  it, 
say  project  managers. 

“The  tools  help  the  customer  feel  in¬ 
volved  and  part  of  the  team,”  says 
Moore.  “The  project  is  not  something 
that  happened  to  them;  it’s  something 
they’re  a  part  of,  and  when  that  hap¬ 
pens,  everything  is  easier.”  I 


fHE  RAPP  SESSION 

he  Rapid  Project  Planning  (RAPP)  session  sets  the 
roject’s  tone  and  gets  decisions  made. 

QuickLink:  31177 
Ik*  www.computerworld.com 


40 


MANAGEMENT 


COMPUTERWORLD  July  22, 2002 


Until  1997,  Puget  Sound  Energy 

Inc.’s  definition  of  good  customer 
service  was  mailing  accurate 
monthly  bills  to  its  2.1  million  gas 
and  electric  customers.  But  with 
the  possibility  of  deregulation  or 
reregulation  on  the  horizon,  it 
knew  it  had  to  do  better. 

So  the  Bellevue,  Wash.-based  utility  company  de¬ 
cided  to  deploy  a  new  automated  meter-reading 
(AMR)  system  from  New  York-based  Schlumberger- 
Sema  —  at  a  cost  of  $45  million  —  and  connect  it  to 
its  customer  information  system,  Customer  Linx 
from  Dallas-based  Alliance  Data  Systems  Corp. 

PuSet  Sound  Energy’s  (PSE)  goal  was  to 
I  iTil  I  capture  and  share  more  real-time  data 
I  l  II I  I  with  customers  in  Washington,  where  its 
■■■■■  coverage  area  spans  nine  counties. 

By  spring  2000,  PSE’s  customer  service  needs  shift¬ 
ed  significantly.  As  wholesale  gas  and  electric  energy 
prices  spiked,  the  company  took  the  customer  infor¬ 
mation  from  its  AMR  and  billing  systems  and  made 
it  available  to  customers  through  an  Internet  portal. 

The  450,000  residential  gas  and  electric  customers 
who  signed  up  for  the  company’s  portal-based  Per¬ 
sonal  Energy  Management  (PEM)  program  in  No¬ 
vember  2000  were  able  to  see  their  energy  usage  for 
any  given  day,  month  or  year,  and  compare  the  rates 
for  peak  and  off-peak  hours.  They  could  also  use  a 
PEM  calculator  to  see  how  they  could  reduce  their 
bills  if  they  were  to  switch  from  a  flat  rate  to  a  time- 
of-day  rate.  (The  program  was  only  informational 
since  time-of-day  wasn’t  available  then.)  It  also 
hoped  to  realize  a  return  on  its  investment  in  10 
years  —  half  the  time  it  usually  takes  a  utility  to  see 
ROI  on  an  IT  investment. 

But  the  utility  got  more  than  it  had  hoped  for.  Reg¬ 
ulators  gave  PSE  permission  to  launch  a  pilot  time- 
of-day  billing  program  for  300,000  residential  cus¬ 
tomers,  who  would  be  billed  rates  based  on  the 
times  they  consume  energy  rather  than  the  tradi¬ 
tional  flat  rates.  Customer  response  to  the  program 
was  overwhelmingly  positive.  Of  those  customers 
who  signed  up,  89%,  or  267,000,  had  shifted  some  of 
their  energy  usage  from  peak  to  off-peak  hours,  re- 


ECONOMY 


3am-t0*a 

Mcn-Sal 


■Select  your  rate- 


•The'^EM  Calculator  bastWn  updated  tcrir.dude  residential  and 
business,  rates*  using  your  PEM  online  usage  information  or  Dill 
statement,  compare  time -of -da^  rates  to  traditional  fixed  rates  and  see 
how  shiftihg  or  conserving  usage  can  help  make  a  difference 

;  1  .  Choose  the  residential  of  business  rate  that  applies  to  you. 

2.  Enter  the  Kwh  s  used  in  each  of  the  time  categories. 

'  A  •  .  .  .  .  •  .  ’  • 

•3;  Compare  the  costs  between  the  time  of  day  rates  and  the  fixed 
rate.  Compare  your  usage  %  to  the  average  of  all  customers  on  your 
rate  to  find  ways  to  save  more.  Click  on  BILL  DETAILS  for  a  sample  bill 
calculation. 


RESIOENTIftl  TIME  OF  DAY  RATE  CHART 


I0am-5pm 
Moo- Sat 


Switch  rates: 


What's  my  Rate: 


MORNING  MIDDAY  EVENING  ECONOMY 


Enter  Your 
KV/h  used 


YoyrUiiag* 


Average 

Usage 


i  HAVE  QUESTIONS? 


BIU  DETAILS 


Your  cost  with 
Fixed  Rate 


Your  cost  with 
Time  of  Day 


MONEY 


Customer 

Charge 


Actual  rates  may  vary  slightly  based, 
on  total  Kwh  used  and  various 
credits. 


Total  Bill 
Excluding  Local 
Tax 


Total  Bill 
Excluding  Local 
Tax 


PUGET  SOUND  ENERGY’S  Personal  Energy  Manage¬ 
ment  calculator  allows  customers  to  see  the  time-of- 
day  rates  for  their  energy  usage. 

suiting  in  an  overall  5%  to  6%  switch  to  the  more 
economical  off-peak  rates  for  PSE  as  a  whole. 

But  the  big  surprise  was  that  49%  of  those  267,000 
customers  consumed  less  energy,  resulting  in  a  1% 
reduction  in  overall  usage,  according  to  surveys  by 
the  utility  company  last  fall.  “The  conservation  was 
a  surprise  for  us,”  says  Todd  Starnes,  PSE’s  manager 
of  business  development. 

Different  billing  rates  based  on  times  of  consump¬ 
tion  have  been  available  to  large  industrial  customers 
for  years.  But  what’s  new  is  using  the  Web  to  offer 


Powering 


Utility’s  Web  portal  lets  customers  switch  to  off- 
peak  usage  and  cut  costs.  By  Melissa  Solomon 


that  information  to  residential  customers  as  well, 
says  Dan  Miklavic,  a  Seattle-based  energy  analyst  at 
Gartner  Inc.  “It’s  fairly  innovative  in  the  sense  that 
they  [PSE]  are  changing  people’s  consumption 
habits.  From  a  utility  perspective,  that’s  not  com¬ 
mon,”  he  says. 

In  October,  PSE  extended  its  pilot  to  20,000  com¬ 
mercial  customers.  In  June,  it  got  permission  to  ex¬ 
pand  the  residential  pilot  to  800,000  customers. 
Eventually,  the  utility  wants  to  offer  consumers  a  va¬ 
riety  of  rate  packages  similar  to  those  offered  by  ca¬ 
ble  companies,  says  Brian  Pollom,  director  of  meter¬ 
ing  network  services  at  PSE. 

The  program  was  innovative  enough  to  earn  PSE 
the  2001  Edison  Award  from  the  Washington-based 
Edison  Electric  Institute,  which  recognizes  energy 
companies  for  outstanding  contributions  to  the  ener¬ 
gy  industry. 

Hefty  Price  Tag 

Although  time-of-day  billing  is  common  in  several 
European  nations  and  throughout  Australia,  it’s  still  a 
rarity  in  the  U.S. 

One  reason  is  that  it’s  quite  expensive.  PSE  spent 
$45  million  on  the  AMR  system  alone,  which  was  ful¬ 
ly  deployed  last  month,  according  to  Pollom. 

Regardless  of  the  costs,  Miklavic  says  utilities  will 
likely  follow  PSE’s  lead,  because  the  not-in-my-back- 
yard  attitude  will  always  limit  the  number  of  power 
plants  that  energy  companies  can  build.  “It’s  envi¬ 
ronmentally  friendly,  it  encourages  overall  conser¬ 
vation,  and  it  allows  for  the  utility  to  meet  demand 
in  a  more  efficient  fashion,”  he  says.  “So  it’s  good 
business  in  the  intangible  sense.  Financially,  I’m  not 
so  sure.” 

But  PSE  has  also  seen  financial  and  other  benefits, 
says  Pollom.  The  Internet  self-service  features  and 
the  AMR  system  have  both  helped  the  company  re¬ 
duce  its  workforce,  he  says. 

The  new  system  has  shortened  the  billing  and  cus¬ 
tomer  response  cycles  by  days,  adds  Penny  Gullek- 
son,  vice  president  of  customer  service  at  PSE.  It  has 
also  given  customer  service  representatives  more  an¬ 
alytical  data,  so  they  can  provide  more  helpful  infor¬ 
mation  to  customers,  says  Starnes.  If  a  family’s  ener¬ 
gy  bill  spikes,  PSE  can  pinpoint  when  usage  went  up 
—  and  perhaps  determine,  for  instance,  that  it  hap¬ 
pened  when  the  kids  were  home  from  college. 

The  standard  return  on  IT  investments  for  many 
utilities  is  20  years,  says  Pollom.  PSE’s  goal  was  less 
than  10  years,  and  it’s  now  estimating  a  nine-year  tar¬ 
get  for  direct  returns  that  can  be  clearly  measured  in 
lowered  costs  or  increased  revenue.  Factoring  in  the 
indirect  returns,  such  as  improved  customer  service 
and  the  time-of-day  program  that  the  new  systems 
led  to,  PSE  projects  an  ROI  in  less  than  five  years. 

“It’s  a  large  investment,  and  because  of  its  size,  you 
have  to  have  a  strong  vision  of  the  customer  service 
and  data  you  want,”  says  Pollom.  “It  scares  away 
most,  and  that’s  why  you  don’t  see  a  lot  of  this  tech¬ 
nology  deployed  at  this  level.”  Yet.  I 


PROGRAMMED  SAVINGS 


Read  how  PSE  is  trying  to  develop  thermostats  that  would  allow 
consumers  to  reduce  energy  consumption. 


OQuickLink:  31302 

www.computerworld.com 


.  imation 


Keep  up  with  your  growing  data. 


imation 


imation 


Iwwrnosm  tuts  eattrig* 
w?s«i»  si  ft***  » tnusr 


Imation  SLR  storage  technology  scales  with  your  data  storage  needs. 

A  little  or  a  lot.  all  of  your  data  is  important.  And  Imation.  along  with  Tandberg  Data,  developed  SLR  technology  to  help  you  manage  it.  The  best 
replacement  for  DDS  technology.  SLR  data  cartridges  and  drives  make  easy  work  of  backing  up  and  storing  data.  Anywhere  between  525MB  and 
100GB*.  And  you  can  do  it  confidently  with  the  industry’s  lowest  field  failure  rate  of  just  1.5%.  These  are  just  a  few  reasons  StR  tr^*1**®*®"* 
best  way  to  stay  ahead  of  growing  data.  Something  Imation  has  been  helping  companies  do  for  more  than  50  years.  Learn  all  about 
and  Imation  SLR  data  cartridges  at  www.imation.com/slr. 


‘Assumes  2:1  compression 


SLR  Technology  Development  Partner 


(©server 


Linux®  ready  with  seif-managing  features  for  every  e-business. 

MBmmmammm 1 

m  .  K 

Intel  -based  /  xSeries™ 

It’s  an  affordable  and  powerful 
combination  of  mainframe- 
inspired  reliability  and  smart 
systems  management  tools. 

UNIX®  /  pSeries™ 
Highly  available,  highly  affordable 
and  highly  coveted.  The  pSeries  is 
the  platform  of  choice  for  powerful 
UNIX  and  Linux  solutions. 


Midrange  /  iSeries™ 

Brings  easy-to-depioy,  plug  and 
play  e-business  to  your  business. 
Sophisticated  technology  that’s 
easy  to  manage  and  Linux  ready. 


Mainframe  /  zSeries™ 

Maximum  reliability,  maximum  power, 
maximum  flexibility.  Designed  for  up  to 
99.999%  uptime1  to  handle  the 
demands  of  today’s  e-businesses. 


Winning  through  server  consolidation.  Winnebago  Industries  lives  by  its  e-mail  system.  By  consolidating  its 
functions  onto  one  IBM  (©server  zSeries  running  Linux,  the  company  created  an  industrial-strength  e-mail 
system,  and  saved  on  software  licensing  fees  in  the  process.  For  a  complimentary  guide  on  server  consolidation, 

visitibm.com/eserver/winnebago  .  .  n  «->  .  , 

(g/  business  rs  ihe.  nay  7o  r/H 


'Requires  Parallel  Sysplex*  environment.  All  numbers  and  results  reported  are  from  customer  sources.  This  customer  example  is  intended  as  an  illustration  only.  Costs  and  results  obtained  in  other  customer  environments 
will  vary  depending,  among  other  things,  on  individual  customer  configurations  and  conditions.  IBM.  the  e-business  logo,  e-business  is  the  game.  Play  to  win,  iSeries.  pSeries,  xSeries,  zSeries  and  Parallel  Sysplex  are 
trademarks  or  registered  trademarks  of  International  Business  Machines  Corporation.  Linux  is  a  registered  trademark  of  Linus  Torvalds.  Intel  Is  a  registered  trademark  of  Intel  Corporation  or  its  subsidiaries  in  the  United 
States  and  other  countries.  UNIX  is  a  registered  trademark  of  The  Open  Group.  Other  company,  product  and  service  names  may  be  trademarks  or  service  marks  of  others.  ©  2002  IBM  Corporation.  All  rights  reserved. 


44 


CGMPUTERWORLD  July  22, 2002 


MANAGEMENT 


Everyone 
talks  about 
ROI.  But  there 
is  no  simple  answer 
to  an  ROI  question. 

MARVIN  BALLIET,  CHIEF  FINANCIAL 
OFFICER,  GLOBAL  TECHNOLOGY  AND 
SERVICES  DIVISION,  MERRILL  LYNCH 


Even  beside  the  picture  win¬ 
dow  with  a  spectacular  view 
of  New  York  Harbor,  it’s  hard 
not  to  notice  the  red-letter 
mantra  hanging  in  Marvin  Bal- 
liet’s  office:  “Expense  Reduction  +  Cost 
Avoidance  =  Cost  Savings.” 

Simple.  But  when  asked  how  to  mea¬ 
sure  the  return  on  IT  investments,  Bal- 
liet,  chief  financial  officer  at  Merrill 
Lynch  &  Co.’s  global  technology  and 
services  division,  can  go  on  for  hours 
and  still  leave  questions  unanswered. 
“Everyone  talks  about  ROI,”  he  says. 
“But  there  is  no  simple  answer  to  an 
ROI  question.” 

The  reason,  Balliet  explains,  is  that 
a  return  on  investment  formula  is  sim¬ 
ply  a  tool  to  help  companies  make  wise 
business  decisions.  Effectively  measur¬ 
ing  ROI  is  a  matter  of  devising  the 
proper  governance  system  and  pro¬ 
cedures  so  business  leaders  ask 
the  right  questions  and  continu¬ 
ally  revisit  them  to  keep  their 
projects  on  target. 

But  even  in  the  current  cost- 
conscious  business  climate,  many  IT 
leaders  have  at  best  only  a  vague  idea 
of  what  questions  to  ask.  More  than 
80%  of  Global  2,000  companies  don’t 
have  the  right  measurement  systems  to 
make  sure  that  their  IT  initiatives  are 
effective,  according  to  Karen  Ruben- 
strunk,  an  analyst  at  Meta  Group  Inc. 
in  Stamford,  Conn.  For  those  compa¬ 
nies  that  do,  coming  up  with  the  right 
questions  is  a  constant  work  in  progress. 


For  instance,  when  Balliet  joined 
Merrill  Lynch’s  global  technology  and 
services  division  in  1999,  he  shifted 
responsibility  for  technology  spending 
from  the  IT  department  to  the  business- 
unit  leaders.  He  then  had  those  leaders 
answer  five  broad  questions  aimed  at 
capturing  the  scope  and  intent  of  their 
technology  projects. 

But  Balliet  soon  learned  that 
a  question  such  as,  What  are  the 
project’s  anticipated  mainte¬ 
nance  costs?  can  leave  a  great 
deal  of  wiggle  room.  For  exam¬ 
ple,  maintenance  costs  might  be  inter¬ 
preted  by  different  people  as  both  soft¬ 
ware  and  hardware  maintenance,  or 
just  one  of  the  two.  So  he  eventually 
learned  to  break  that  question  into 
two:  hardware  maintenance  costs  and 
software  maintenance  costs.  Balliet 
has  also  added  such  nuances  to  his 
“finance  toolbox”  and  expanded  the 
questionnaire  to  better  capture  such 
details.  Now  managers  must  complete 


a  six-section  business  case  with  about 
80  questions  (for  more  on  this  process, 
use  QuickLink  27942). 

Leaving  the  answers  to  those  ques¬ 
tions  up  to  business  users  as  opposed 
to  IT  leaders  is  the  right  approach,  says 
H.  Jameson  Holcombe,  CIO  at  Cambri¬ 
an  Communications  LLC,  a  telecommu¬ 
nications  and  network  services  compa¬ 
ny  in  Fairfax,  Va.  That  might  even  re¬ 
sult  in  business  users  choosing  an  ex¬ 
ternal  vendor  for  a  project  instead  of 
using  in-house  IT  staff,  he  says.  It’s 
often  more  cost-effective  to  stay  in- 
house,  but  for  a  sales  force  automation 
project,  for  instance,  the  finance  leader 
needs  to  make  that  call,  says  Holcombe. 

The  problem  is  that  many  IT  leaders 
insist  on  taking  the  lead  on  projects, 
even  though  they’re  not  the  ones  who 
will  be  using  the  system  and  helping  it 
realize  its  full  potential,  says  Ruben- 
strunk.  “So  IT  gets  a  black  eye  because 
there’s  little  accountability  driving  val¬ 
ue  realization  within  the  business,”  she 


Realistic  ROI  calculations  require  asking  the  right 
questions  again  and  again.  By  Melissa  Solomon 


COMPUTERWORLD  July  22,  2002 


MANAGEMENT 


says.  IT  can  guide  users  through  the 
process  and  help  them  devise  ROI  fig¬ 
ures.  But,  Rubenstrunk  says,  “when  it 
gets  right  down  to  it,  a  technology  per¬ 
son  has  no  right  to  be  held  accountable 
for  the  value  of  business  projects.” 

Creative  Calculations 

Once  process  and  governance  sys¬ 
tems  are  in  place,  it’s  time  to  start  nail¬ 
ing  down  actual  numbers.  But  those 
numbers  are  often  moving  targets. 

For  example,  how  do  you  determine 
funding  costs  when  you  don’t  know 
what  interest  rates  will  be  in  18  months? 
asks  Balliet.  Or,  if  a  system  was  intend¬ 
ed  to  be  a  market  leader  but  has  since 
been  adopted  by  competitors,  will  your 
company’s  returns  be  diminished?  If 
a  project’s  ROI  was  $50  million  in  in¬ 
creased  income,  and  income  rises  $70 
million  after  the  first  year,  does  that 
mean  that  the  project  was  a  success, 
or  was  there  a  shift  from  a  bear  to  a 
bull  market  that  drove  up  returns?  How 
about  if  the  goal  of  a  project  was  to  cut 
20  staffers,  but  only  15  were  let  go?  Does 
that  mean  it  was  a  failure,  or  did  sales 
volumes  rose  higher  than  expected,  in¬ 
creasing  the  need  for  more  man-hours? 

Such  questions  illustrate  why  it’s 
critical  to  measure  a  company’s  com¬ 
petitive  position  rather  than  simply 
looking  at  past  performance,  says  Bal¬ 
liet.  Companies  also  need  to  measure 
projects  as  a  portfolio  of  investments 
that  are  regularly  re-evaluated,  he  says 
(for  more  on  project  portfolio  manage¬ 
ment,  use  QuickLink  27643). 

If  they  don’t  measure  up,  pull  the 
plug  fast.  Canceling  a  precarious  proj¬ 
ect  60  days  earlier,  rather  than  waiting 
around  hoping  things  will  improve,  can 
save  a  lot  of  money,  Balliet  says.  There 
are  always  new  questions  to  ask  in  de¬ 
termining  ROI,  he  says.  But  it  can  be 
worth  the  effort. 

“I  don’t  want  to  tell  you  how  far  over 
budget  we  were  in  ’99,”  Balliet  says, 
adding  that  a  quick  glance  over  previ¬ 
ous  years’  technology  budgets  revealed 
similar  numbers.  In  2000,  by  contrast, 
his  division  was  $77  million  under 
budget,  thanks  largely  to  the  greater 
attention  paid  to  metrics. 

Many  executives  are  under  so  much 
pressure  to  keep  costs  down  that  they 
won’t  even  ask  for  IT  dollars  these 
days,  says  Dick  Hudson,  a  former  CIO 
who’s  now  principal  of  Hudson  &  As¬ 
sociates,  an  executive  IT  consulting 
firm  in  Katy,  Texas.  But  with  the  third 
anniversary  of  the  completion  of  the 
Y2k  effort  approaching,  CIOs  will  need 
to  start  asking  for  technology  upgrades, 
so  they’ll  have  to  learn  how  to  sell 
projects  to  company  leaders,  he  says. 


Behind  the  Numbers 


CAMBRIAN  COMMUNICATIONS  CIO  H.  JAME¬ 
SON  HOLCOMBE  starts  his  ROI  calculations  by 
reviewing  the  following  basic  capital  costs: 

■  Software/licensing 

■  Yearly  maintenance 

■  Professional  services 

■  Hardware 

■  Extra  infrastructure  needed 

The  challenge,  though,  is  that  some  of  those 
costs  are  subject  to  interpretation,  Holcombe 
says.  For  instance,  for  an  order-workflow  sys¬ 
tem,  one  manager  might  measure  order  proc¬ 
essing  time  from  the  time  the  order  is  placed 
until  it’s  delivered.  But  another  manager  might 
simply  gauge  the  time  it  takes  to  act  on  an 
order.  So  it’s  important  to  be  specific  about 
where  the  numbers  come  from. 

Once  Holcombe  determines  the  capital 


costs,  he  compares  them  with  what  he  current¬ 
ly  spends  and  the  anticipated  productivity 
gains  from  the  proposed  capital  investment. 

But  how  do  you  determine  those  gains? 
Meta  Group  analyst  Karen  Rubenstrunk  says 
there  are  two  types  of  metrics  to  measure 
gains  from  IT.  The  first  looks  at  how  effectively 
an  IT  department  is  run.  The  second  gauges 
how  valuable  IT  investments  are  to  your  busi¬ 
ness.  To  measure  your  IT  organization’s  effec¬ 
tiveness,  she  suggests  the  following: 

■  Review  customer  surveys.  Has  customer 
satisfaction  increased? 

■  Consider  the  time  spent  on  IT  projects.  Is  the 
IT  organization  improving  its  delivery  time? 

■  Test  employees.  Are  they  absorbing  training 
and  learning  new  technologies? 

■  Quiz  employees  on  the  big  picture.  For  in¬ 


stance,  do  they  know  the  top  three  gover¬ 
nance  principles  that  drive  the  company's 
architecture? 

a  Are  projects  on  time  and  on  budget? 

To  measure  how  valuable  your  IT  invest¬ 
ments  are  to  the  business,  help  business-unit 
leaders  develop  very  clear,  tightly  defined  deliv¬ 
erables  in  no  more  than  three-month  chunks, 
advises  Rubenstrunk.  Some  possible  deliver¬ 
ables  include  the  following: 
a  Process  efficiencies:  Can  this  help  eliminate 
positions? 

a  Process  redesign:  Will  the  project  help  auto¬ 
mate  processes  so  new  projects  don't  need  to 
be  started  from  scratch? 
a  Customer  satisfaction:  Will  your  customers 
spend  more? 

-  Melissa  Solomon 


In  addition  to  honing  project-pro¬ 
posal  skills,  Hudson  suggests  that  lead¬ 
ers  also  learn  to  repitch  projects  if  ini¬ 
tially  rejected.  If  a  manager  explains 
what  he  has  tried  to  do  and  documents 
the  problems  he  has  faced  because  a 
project  wasn’t  funded,  senior  leaders 
will  often  recognize  that  the  manager 
put  in  a  good-faith  effort  and  will  re¬ 
consider  the  proposal,  says  Hudson. 

“A  lot  of  CIOs  never  follow  up  on  the 
projects  they  proposed  to  show  they 
are  valid,”  he  says. 

Street  Smarts 

Unfortunately,  says  Holcombe, 
there’s  no  one-size-fits-all  formula  for 
using  metrics  to  ensure  ROI.  The  only 
way  to  come  up  with  a  good  quantita¬ 
tive  analysis  is  to  learn  through  expe¬ 
rience,  he  says.  That’s  where  a  solid 
project-management  library  docu¬ 
menting  costs,  hours  and  other  factors 
from  past  projects  comes  in  handy. 

For  instance,  if  a  project  requires 
an  estimated  300  hours  of  work,  com¬ 
paring  300  hours  in  consulting  costs 
with  the  cost  of  using  in-house  staffers 
for  the  same  amount  of  time  might  not 
provide  the  best  numbers.  For  exam¬ 
ple,  in-house  developers  may  be  paid 
on  a  40-hour  workweek  but  actually 
average  60  hours  per  week,  so  the  cost 
per  hour  for  those  workers  may  be  less 
than  it  seems,  he  says. 

It’s  also  wise  to  ask  vendors  about 
their  lessons  learned  regarding  costs. 
When  vendors  offer  ROI  figures,  ask 
them  for  real-world  examples,  grill 
them  about  problems  faced  in  those 
projects  and  insist  that  they  think 
about  how  they’ll  avoid  those  prob¬ 


lems  this  time,  suggests  Holcombe. 

Soft  costs  and  cost  benefits  are  also 
critical.  For  instance,  about  a  year  ago, 
Pacific  Gas  &  Electric  Co.  started 
using  help  desk  technicians  to  create 
new  Web-based  IT  support  features, 
including  online  incident  reports  and 
a  technology  tips  newsletter.  Those 
technicians  spent  less  time  waiting  for 
calls  and  more  time  building  tools  to 
boost  department  efficiency,  says  Ruby 
Gin,  supervisor  of  the  San  Francisco- 
based  utility  company’s  technology 
service  center.  So  not  only  were  the 
technicians  helping  to  improve  the 
department;  they  were  also  given  the 
chance  to  develop  their  skills  and  di¬ 
versify  their  activities,  which  can  boost 
retention,  she  adds. 

“It’s  good  to  have  measurement  tools 
in  place,  but  what’s  most  important  is 
the  people,”  says  Gin.  “You  want  to  be 
able  to  do  that  and  keep  morale  up  so 
people  want  to  give  it  100%.” 

And,  of  course,  there  are  the  com¬ 
mon-sense  measurements.  A  project 
might  look  great  on  paper,  but  if  it 
ignores  a  critical  reality,  such  as  a  key 
technology  failing  to  perform  as  prom¬ 
ised,  it  could  be  a  disaster,  cautions 
Holcombe. 

“  ‘Dilbert’  is  a  great  example  of  how 
people  lose  sight  of  common  sense  and 
what’s  important,”  he  says.  “Try  not  to 
provide  anecdotal  stories  for  ‘Dilbert.’ 
That’s  our  mantra.”  N 


MORE  THAN  20  QUESTIONS 

For  a  sampling  of  the  80  categories  Merrill  Lynch  CFO 
Marvin  Balliet  uses  to  gauge  ROI,  visit  our  Web  site: 

QuickLink:  31240 
www.computerworld.com 


46 


MANAGEMENT 


COMPUTERWORLD  July  22. 2002 


Regional  groups 
offer  CTOs  and 
wannabes  a  place  to 
network  ana  learn. 

By  Steve  Alexander 


UTSIDE  OF  A  FEW  MBA  PROGRAMS, 
there  are  no  schools  that  formally 
teach  IT  professionals  how  to  be¬ 
come  chief  technology  officers. 

But  aspiring  technology  managers 
and  CTOs  who  want  to  learn  from 
their  peers  can  receive  an  informal 
education  through  a  number  of  regional  CTO  clubs. 
While  there  are  only  a  handful  of  these  groups,  they 
appear  to  be  broad  enough  in  scope  to  help  both  ju¬ 
nior  IT  managers  and  seasoned  CTOs.  More  recently, 
members  say,  they’ve  been  especially  helpful  to  man¬ 
agers  by  providing  guidance  on  how  to  steer  budgets, 
projects  and  staffs  through  tough  economic  times. 

“For  the  last  year,  CTOs  have  needed  more  men¬ 
toring,  whether  to  help  downsize  their  staffs,  manage 
the  same  workload  on  a  smaller  budget  or  make  use 
of  legacy  systems  at  a  time  when  they  can’t  make  ex¬ 
penditures  for  new  ones,”  says  Curtis  Brown,  CTO  at 
Oxygen  Media  Inc.,  a  New  York-based  operator  of  a 
cable  TV  channel  for  women. 

Jon  Williams,  CTO  at  Grey  Healthcare  Group  Inc., 
a  New  York-based  advertising  and  communications 
firm  for  the  health  care  industry,  has  pushed  for  the 
creation  of  professional  CTO  groups  as  a  way  to  help 
mentor  prospective  technology  leaders.  He  is  also  a 
co-founder  of  the  New  York  CTO  Club. 

The  New  York  CTO  Club  is  limited  to  about  30 
members,  who  meet  for  breakfast  once  a  month. 
Membership  and  attendance  at  meetings  are  by  invi¬ 
tation  only,  and  the  group  doesn’t  have  a  public  Web 
page.  Through  the  group,  Williams  tries  to  identify 
people  who  are  potential  CTOs  and  help  them  learn 
management  techniques  that  will  serve  them  well. 

“Almost  everyone  in  the  group  is  a  good  technolo¬ 
gist,  so  they  usually  don’t  need  help  in  that  area.  We 
try  to  help  them  with  management  and 
communications  skills,”  says  Williams, 
who  was  previously  an  IT  consultant. 

Path  to  CTO 

Good  technologists  often  follow  the  same  career 
path,  says  Williams.  They  graduate,  become  profi¬ 
cient  in  IT  and  then  discover  that  they  haven’t 
learned  management  basics  such  as  how  to  run  a 
company  or  manage  people.  Williams  says  that  the 
people  he  aims  to  help  are  the  ones  who  have  come 
to  the  realization  that  being  an  expert  technologist  is 
not  everything  you  need  to  be  a  CTO. 

In  the  Midwest,  the  Chicago  CTO  Roundtable 
meets  monthly  for  what  co-founder  John  Adams  calls 
an  opportunity  “to  bounce  ideas  off  each  other, 
whether  it’s  about  the  prices  of  hardware  and  soft¬ 
ware  or  staffing  issues.”  Adams,  vice  president  of 
technology  at  CoolSavings  Inc.,  a  Chicago-based 
company  that  handles  corporate  sales  promotions, 
says  the  mission  of  the  roundtable  is  to  provide  a  fo¬ 
rum  for  discussing  common  CTO  issues  and  to  help 
some  of  its  15  members  or  their  guests  “who  jumped 
or  were  pushed  into  being  CTOs  a  little  too  early.” 

Members  of  the  Chicago  CTO  Roundtable  are  the 
highest-ranking  IT  executives  from  their  organiza¬ 
tions,  regardless  of  their  individual  job  titles.  In  addi¬ 
tion,  people  with  lower-ranking  IT  titles  are  wel¬ 
come  as  guests  of  members.  Having  a  mix  of  people 
helps  promote  informative  and  practical  conversa¬ 
tions,  Adams  says.  For  example,  at  recent  meetings, 


Receive  mentoring  on  key  nontechnical 
skills,  such  as  communicating  with  top 
management  and  calculating  return  on 
investment  estimates  for  IT  projects. 

Participate  in  candid  peer  discussions  on 
common  CTO  issues,  such  as  hiring  con¬ 
sultants,  choosing  software  and  running  an 
IT  group  on  a  tight  budget. 

Get  firsthand  career  advice  from 
experienced  technology  leaders. 


members  and  visitors  have  shared  experiences  about 
selecting  consultants  and  choosing  the  right  method¬ 
ology  for  implementing  new  technologies. 

Mike  Toma,  CTO  at  eLabor  Inc.,  a  workforce  man¬ 
agement  software  company  in  Camarillo,  Calif.,  says 
self-interest  propelled  him  to  start  the  Los  Angeles 
CTO  Forum  with  five  other  members.  He  needed  a 
group  to  discuss  managing  larger  groups  of  employ¬ 
ees.  “I  tried  for  years  to  find  CTO  groups,  but  there 
weren’t  any  except  for  large  annual  events.  I  wanted 
a  smaller  peer  group  where  CTOs  could  get  togeth¬ 
er,”  Toma  says.  The  group  is  now  known  as  the  Tech¬ 
nology  Leadership  Council  and  has  54  members  in 
chapters  in  Los  Angeles,  San  Francisco  and  Boston. 

Toma  sees  a  a  big  need  for  peer  mentoring  because 
most  CTOs  come  from  technical  backgrounds  and 
haven’t  had  a  chance  to  develop  their  people  or  man¬ 
agement  skills.  “We  discuss  things  such  as  the  vari¬ 
ous  roles  of  CTOs,  the  metrics  and  ROI 
statistics  that  are  used  each  day  to  make 
decisions  and  how  to  deal  with  the  exec¬ 
utive  management  team,”  he  says. 

One  of  the  best  things  CTO  mentors  can  do  is  help 
others  choose  whether  to  focus  on  technology  or  on 
management,  says  consultant  Andreas  Turanski,  a 
member  of  the  New  York  CTO  Club.  “Most  people 
can’t  be  equal  in  both  technology  and  management. 
So  the  best  answer  is  to  decide  what  you  should  try 
to  pursue,”  Turanski  says. 

Another  big  issue  for  many  CTOs  is  the  need  to 
learn  on  the  job.  “The  right  people  may  be  in  the 
CTO  jobs,  but  it  happened  to  them  too  fast.  Peer 
group  mentoring  can  help  that  situation,”  says  Eric 
M.  Mark,  a  New  York  CTO  Club  member  and  CIO  at 
AEGIS  Insurance  Services  Inc.  in  Jersey  City,  N.J. 

Mentoring  is  also  good  for  the  person  doing  the 
teaching,  says  Oxygen’s  Brown,  who  is  a  member  of 
the  New  York  CTO  Club. 

“Mentoring  is  as  satisfying  as  anything  else  in  my 
job,”  he  says.  “If  I  can  do  something  to  make  some¬ 
one  else  do  their  job  better,  I’m  one  satisfied  CTO.”  I 


Alexander  is  a  freelance  writer  in  Edina,  Minn. 

Contact  him  at  sorion99@yahoo.com. 

CTO  CLUB  CONTACTS 

■  New  York  CTO  Club:  John  Williams,  jonwilliams@yahoo.com 

■  Technology  Leadership  Council:  Mike  Toma,  MToma@elabor.com 

■  Chicago  CTO  Roundtable:  John  Adams,  johnadams@coolsavings.com 


CAREERS 


47 


COMPUTERWORLD  July  22, 2002 


MANAGEMENT 


Dear  Career  Adviser: 

I  have  a  finance  and  computer  science  back¬ 
ground  and  several  years’  experience  working 
as  a  business  analyst.  I’m  interested  in  working 
on  an  e-commerce  initiative.  What  roles  make 
sense  for  me?  —  e-initiative 


Dear  e-lnifiative: 

The  investment  and  finance  commu¬ 
nities  have  been  hit  hard  this  year  eco¬ 
nomically.  Companies  in  this  market 
segment  are  interested  in  providing 
services  that  help  retain  customers, 
using  the  Internet  as  a  channel  to  reach 
customers  and  providing  intranets  for 
customer  service. 

“Many  jobs  require  contact  with  the 
business  users  for  design  and  analysis, 
plus  the  ability  to  talk  to  the  technical 
folks  who  are  actually  doing  the  hard 
coding,”  says  Loretta  Smith,  a  senior 
consultant  for  information  architecture 
at  T.  Rowe  Price  Group  Inc.  in  Balti¬ 
more.  “Plus  there  are  database  and  sys¬ 
tems  development  jobs.”  Therefore, 
where  you  go  from  here  depends  in 
part  on  the  role  you  want  to  play. 

If  you  want  to  remain  an  analyst,  the 
key  to  being  useful  in  this  medium  is 
having  experience  working  with  end 
users  to  decide  the  requirements  and 
thinking  about  the  designs  that  might 
solve  a  particular  problem.  You  will 
also  need  to  show  that  you  understand 
the  company’s  business  and  demon¬ 
strate  competency  on  issues  regarding 
security,  network  traffic  and  databases. 

“At  some  point,  someone  has  to  send 
a  SQL  call  for  data,  and  that  is  where 
the  rubber  meets  the  road,”  Smith  says. 

Finally,  you  might  have  to  apply  for 
contracting,  temp-to-perm  or  even  op¬ 
erations  jobs  to  get  your  foot  in  the 


Keep  your  skills 
updated  by  learning 
about  upcoming 
releases  and  going 
to  vendor  Web  sites. 


door.  In  this  environment,  companies 
often  want  to  look  at  you  before  they 
commit  to  a  full-time  relationship. 

Dear  Career  Adviser: 

I  have  worked  in  IT  and  finance 
in  the  New  York  area  and  am  wonder¬ 
ing  whether  there  has  been  any  im¬ 
provement  in  the  market.  If  so,  where? 
Also,  are  there  any  particular  strategies 
to  generate  more  interest  in  my  back¬ 
ground?  —  East  Coast  Ellen 

Dear  East  Coast: 

Even  companies  with 
hiring  freezes  are  still 
doing  some  hiring  on  the 
permanent  side  and  a  bit 
more  on  the  consulting 
side  because  jobs  still  need 
to  get  done,  says  Jay  Colan, 
a  New  York-based  senior 
consultant  and  vice  presi¬ 
dent  at  Lee  Hecht  Harri¬ 
son,  a  global  outplacement 
firm.  But  you  undoubtedly 
will  need  to  do  a  lot  to  get 
yourself  noticed  and  stay 
fresh  in  a  tight  market. 

If  you  haven’t  already,  start  network¬ 
ing.  Contact  people  listed  on  company 
Web  sites  and  on  your  college  alumni 
site.  Also,  attend  events  such  as  those 
sponsored  by  the  New  York  Software 
Industry  Association  ( www.nysia.org ) 
or  the  New  York  New  Media  Associa¬ 
tion  ( www.nynma.org ). 

Then,  work  on  your  resume.  Re¬ 
sumes  of  senior  people  attract  atten¬ 
tion  if  they  highlight  skills  in  enterprise 
systems,  security  and  risk  management. 
Junior  people  will  stand  out  from  the 
crowd  if  they  have  skills  in  desktop 
support,  security  and  LAN  administra¬ 
tion,  says  Colan.  In  addition,  resumes 
seem  to  get  more  hits  if  they  feature 
qualifications  such  as  the  Microsoft 
Certified  Systems  Engineer  and  the 
Project  Management  Institute’s  Project 
Management  Professional  certifica¬ 


tions.  Keep  your  skills  updated  by 
learning  about  upcoming  releases  and 
going  to  vendor  Web  sites,  where  you 
can  often  find  new  client  presentations 
and  white  papers.  Since  the  early  fall  is 
when  managers  prepare  and  submit 
budgets,  follow  Colan’s  advice:  Don’t 
slack  off  even  though  it’s  summer. 

Dear  Career  Adviser: 

I  started  in  mainframe  applications 
programming,  working  most  recently 
as  an  applications  developer  in  a  cross¬ 
platform  development  environment.  I 
had  a  Y2k  project  but  now  need  to  think 
about  revitalizing  my  technical  career, 
perhaps  by  moving  over  to  systems  inte¬ 
gration  and  middle-tier  development. 
What  is  the  most  logical  route? 

— -  Mainframe  to  the  Middle 

Dear  Middle: 

The  market  made  two  or  three  ad¬ 
vances  while  you  were  involved  in 
your  rewarding  Y2k  effort,  and  now 
you  need  to  play  catch-up  with  Java  de¬ 
velopment  and  network 
computing  architectures, 
says  Paul  Ryan,  chief  tech¬ 
nical  officer  at  Overture 
Services  Inc.,  a  Pasadena, 
Calif.-based  company  that 
provides  pay-for-perfor- 
mance  search  capabilities 
to  Web  sites. 

Essentially,  you  have  a 
few  choices.  If  you  want 
to  work  on  the  latest  en¬ 
terprise  systems  integra¬ 
tion  projects,  you  must 
understand  today’s  plat¬ 
forms  and  “who  is  inte¬ 
grating  what  with  what,” 
says  Ryan.  This  demands,  among  other 
competencies,  experience  with  appli¬ 
cation  servers  such  as  IBM’s  Web¬ 
Sphere,  BEA  Systems  Inc.’s  WebLogic 
and  Sun  Microsystems  Inc.’s  iPlanet,  as 
well  as  experience  with  Java  2  Enter¬ 
prise  Edition,  Enterprise  JavaBeans 
and  enterprise  messaging  and  Art 
Technology  Group  Inc.’s  Dynamo  per¬ 
sonalization  and  commerce  functional¬ 
ity  product. 

Even  if  you  have  training  and  certi¬ 
fications  under  your  belt,  you’ll  be  at 
a  disadvantage  at  interviews  if  you 
don’t  have  hands-on  experience  with 
these  newer  architectures.  But  you 
can  still  impress  a  hiring  manager 
by  downloading  applications  from  a 
Web  site  and  building  an  application 
server  environment,  which  will  give 
you  something  substantial  to  demon¬ 
strate.  I 


No  kidding.  CA  is  the  first  enterprise 
software  company  to  attain  global 
ISO  9002  quality  certification.  But 
our  commitment  to  quality  doesn't 
end  there.  It  extends  into  every  prod¬ 


uct  we  make,  and  every  customer 


relationship.  After  all,  we  didn't  get 
to  be  the  long-standing  world  leader 


in  eBusiness  software  for  nothing. 


To  find  out  more  about  how  we  make 


it  easier  to  do  business  on  your 


terms,  or  to  hear  from  some  of  our 


customers,  go  to  ca.com/innovation. 


Computer  Associates™ 


Explore  Key  IT  Strategies  with 
Award-Winning  Enterprise  Leaders! 


Exchange  Practical  Solutions  and  Ideas 
with  Leading  IT  Executives 


Proving 
IT  Value 


Gain  expertise  on  the  art  of  negotiating  and  creating 
true  partnerships  with  vendors.  Profit  from  proven  IT 
asset  procurement  and  management  tips. 


Integrating 
Technology  and 
Business 


Acquire  key  strategies  for  application  integration 
and  learn  the  latest  about  .Net,  Web  services,  mobile 
technologies,  CRM  and  business  intelligence  software. 


Hear  how  leading  users  and  suppliers  are  protecting  the 
enterprise  from  risks,  assuring  business  continuity,  secur¬ 
ing  e-business  and  managing  wireless  access. 


Identify  best  practices  to  leverage  data  management, 
storage  and  network  infrastructures.  Master  the  evalua¬ 
tion  of  outsourcing  deals  and  the  use  of  service  providers. 


r  more  information  on  the  nomination  and  selection  process  for  this  prestigious  honor,  visit: 

http://www.computerworld.com/services/research/Premier100 

_ _ 


For  companies,  interested  in  sponsoring  and  exhibiting,  contact  your  Computerworld  sales  executive,  or  Ann  Harris  at  508-820-8667. 


© 


careers.com 


Sure 

NetworkWorld, 

COMPUTERWORLD, 

AND  INFOWORLD 

Help  You  Do 
A  Better  Job. 

Now  Let  Us  Help 
You  Get  One. 

Call: 

1-800-762-2977 

0  careers.com 


Co 


Oracle  Project  Leader  - 
Southborough,  MA 

Provide  specialized  knowledge 
to  the  Oracle  Financial  &  Man¬ 
agement  Program.  Responsible 
for  overseeing  technical  support 
&  services  for  the  Oracle  pro¬ 
duction  systems.  Will  identify  & 
correct  problems  plus  design 
software.  Develop  training  mate¬ 
rial  &  develop  project  plans  for 
the  financial  &  manufacturing 
modules  of  Oracle. 

Job  Requirements: 

Must  have  a  BA  degree  in  a 
related  field  &  a  minimum  of  5 
years'  experience  as  a  technical 
Programmer  working  with  Oracle 
tools.  Applications  experience 
must  include  Distribution/Supply 
chain,  financial  modules  &  AOL. 
Must  have  extensive  knowledge 
of  system  methodologies  for 
Oracle  applications  work.  Expe¬ 
rience  in  integration  of  Orcle 
applications  with  third  party 
applications,  knowledge  of  ware¬ 
house  management  system, 
data  warehouse,  business 
objects  &  EDI  is  required.  Job 
Code:  OPL2 

Interested:  Please  send  resume, 
job  code  &  salary  requirements 
to:  HR  Dept.,  Honeywell  Con¬ 
sumer  Products,  250  Turnpike 
Road,  Southborough,  MA 
Fax:  (508)  460-8056.  e-mail: 
resume.account@honeywell.com. 
An  equal  opportunity  employer, 
we  are  committed  to  a  diverse 
workforce. 


IT  PROFESSIONALS  NEEDED 
Programmer  Analysts.. ..Systems 
Engineers... .Software  Develop¬ 
ment...  Digital  Equipment  (India) 
Ltd.  is  a  leading  software  com¬ 
pany  with  offices  nationwide. 
With  Digital  you  will  get: 
Additional  Compensation  for  re¬ 
ferrals,  and  Professional  Chal¬ 
lenges  with  training  and  assign¬ 
ments  to  keep  you  at  the  leading 
edge  of  technology.  We  need 
people  with  the  following  skills: 
OS:  Open  VMS,  NT/Windows 
2000,  Tru  64Unix. 
Languages/Tools:  ASP,  Com/ 
Dcom,  Java  Script,  VB  Script, 
VB,  VC++,  PERL,  Java,  EJB, 
CORBA,  RMI,  C/C++,  DEC 
Forms,  ACMS,  Rally. 
Middleware:  MSMQ,  TUXEDO 
Database:  Oracle,  SQL  Server, 
Sybase  and  Rdb 
Applications  can  be  sent  to 
North  America  F  &  A  Manager, 
Digital  Equipment  (India)  Ltd., 
334  South  Street,  SHR  3-2/C6, 
Shrewsbury,  Massachusetts 
01545. 

Digital  Equipment  (India)  Ltd.  is 
an  equal  opportunity  employer. 


First  Data  Corporation  has  open¬ 
ings  in  various  divisions  for 
Database  Administrator,  Software 
Quality  Assurance  Analyst, 
Release  Manager.  Senior 
Software  Developer/Analyst, 
and  Intermediate  Software  De¬ 
veloper.  Database  Administrator 
must  have  four  years  related 
experience  as  Oracle  DBA  and 
a  bachelor's  or  foreign  equivalent 
in  computer  science,  math,  or 
engineering.  Software  Quality 
Assurance  Analyst  must  have 
two  years  related  experience  in 
software  quality  assurance  and 
a  bachelor's  or  foreign  equivalent 
in  computer  science.  Release 
Manager  must  have  two  years 
experience  as  a  release  engi¬ 
neer  and  a  bachelor's  or  foreign 
equivalent  in  computer  science. 
Senior  Software  Developer/Ana¬ 
lyst  must  have  two  years  of  soft¬ 
ware  development  experience 
and  a  bachelor's  or  foreign 
equivalent  in  computer  science 
or  related  field.  Intermediate 
Software  Developer  must  have 
three  years  experience  imple¬ 
menting  and  integrating  Oracle 
products.  We  have  positions  in 
the  following  areas:  Montvale, 
NJ;  San  Francisco,  CA;  Rocklin, 
CA;  and  Houston,  TX,  Please 
send  your  resume  by  mail 
to:  Norm  Barnett,  First  Data 
Corporation,  6200  S.  Quebec 
St.,  Greenwood  Village,  CO 
80111,  and  refer  to  job  #3963RA. 


mputerworld  •  InfoWorld  • 


FOUNDSTONE 


Foundstone,  Inc.,  an  emerging  leader  in  the 
information  security  market  continues  its 
expansion.  We  are  currently  seeking  a 
Vice  President  of  Product  Development  to  join 
our  award  winning  team.  For  information 
regarding  this  position,  please  contact 
McIntyre  Associates, 


For  information  regarding  other  technical  positions, 
such  as  Software  Developer,  Research  and 
Development,  and  Deployment  Consultant  please 
visit  www.foundstone.com/jobs. 

Foundstone  has  one  ot  the  most  dominant  security  talent  pools 
ever  assembled.  The  company's  revolutionary  products  and 
services  include  the  world's  most  advanced  Enterprise 
Vulnerability  Management  software,  a  full  suite  of  professional 
security  services,  and  a  world  class  curriculum  of  security  education.  ) 


MclNTYRE 

ASS  O  C IATES 

Office  860-284-1000 
Fax  860-284-1111 
jeff@mcassoc.com 

Executive  Search  &  Management  Consulting  for 
next  generation  eSecurity  software.  Biometrics,  and 
wireless  technology  companies 


IT  firm  in  Detroit, Ml  seeks  to  fill 
the  following  positions: 

SAP  CONSULTANTS:  Develop 
&  implem  functional  modules 
such  as  FI/CO,  MM,  SD,  PP.  ABAP 
Programming. 

PROGR  ANALYSTS:  Participate 
in  all  phases  of  s/w  development 
using  Oracle  7/8, and/or  Java 
Tools. 

DESIGN  ENGINEERS: 

1 .  Exper  in  design,  implem,  data 
migration,  testing  of  PDM  systems- 
Metaphase/Windchill/Enovia; 
skills  such  as  C,  C++,  Java,  Oracle 
RDBMS,  SAP,  CAD/CAM. 

2.  Exper  in  ICAD  development  & 
other  KBE  00  Systems,  w/strong 
background  in  CAD/CAM/CAE. 

REQUIREMENTS: 

Must  have  BS  or  MS  or  equiv  in 
CS,  Mechanical  or  EE.  Bus 
Adm,  Finance  or  related  field:  & 
1-5  yrs  exp  in  the  req'd  area. 

Positions  available  in  Detroit,  Ml 
&  at  client  sites  throughout 
US. Pis  mail  resume  to  HR, 
32255  Northwestern  Highway, 
#248,  Farmington  Hills,  Ml  48334 


System  Administrators  sought 
to  Generates,  tunes,  configures, 
and  upgrades  Unix  and  Linux 
based  operating  systems. 

Database  Administrators  sought 
to  code,  test,  and  implement 
physical  database.  Design  logical 
and  physical  databases.  Manage 
and  maintain  database. 

Both  positions  require  BS  in 
Computer  Science  related  major 
and  related  experience.  Send 
resume  HR,  WorldTrade  Network, 
Inc.  5433  Westheimer,  #200, 
Houston,  TX  77056. 


Network  World  •  July  22,  2002 


IT  CAREERS 


careers.com 


_ 


© 


careers 


Systems  Analyst-  Analysis  and 
definition  of  system  requirements. 
Developing  and  writing  the 
design  specifications.  Based  on 
these  specifications  write  pro¬ 
gram  code  in  C,  C++,  Java,  ASP, 
etc.  using  personal  computers  or 
servers.  Responsible  fortesting, 
debugging,  maintenance  and 
documentation  of  the  system. 
Responsible  for  designing,  coding 
and  implementing  business  to 
consumer  e-commerce  application 
and  business  to  business  e-com¬ 
merce  application  using  C++, 
Java  and  Net.Commerce  Must 
have  done  course  work  in  1. 
Numerical  analysis  and  compu¬ 
tational  methods.  2.  Database 
management  systems. 3.  Data 
Communication  &  Network  4. 
Electronics  and  Computer  Engi¬ 
neering  5.  Will  accept  MBA 
without  experience  in  lieu  of 
Bachelor's  degree  plus  two 
years  of  work  experience.  The 
compensation  per  year  is 
$62,920.  40  hours  per  week,  8 
AM  -  5PM.  M-F,  Norcross,  GA. 
Bachelors  degree  in  Computer 
Science,  Engineering  or  any  field 
of  Science  and  experience  in 
Management  Designing  and 
analysis  of  Management  Infor¬ 
mation  Systems  and  e-commerce 
applications  with  two  years  of 
experience.  Qualified  individuals 
who  meet  the  above  requirements 
must  report  or  send  two  resumes, 
to  GA  Department  of  Labor, 
1535  Atkinson  Rd.  Lawrenceville, 
GA  30043-5601  or  the  nearest 
department  of  Labor  Field  Service 
Office.  Please  refer  to  Gwinnett, 
Job  Order#  GA  7098070 


Several  computer  related  posi¬ 
tions  available  for  international 
airline  telecom  and  information 
services  company.  Degree,  tech¬ 
nical  skills  &  experience  vary  per 
positions.  Send  resume  to 
Natasha  Lyttle,  SITA  INC,  3100 
Cumberland  Blvd.,  Ste.  200,  At¬ 
lanta,  GA  30339  or  iobsQ 
sitacareers.com. 


Applications  Developer.  Develop 
and  implement  web  and  intranet 
based  s/ware  apps  using  Oracle, 
SQL,  Cold  Fusion,  Interdev, 
DreamWeaver,  and  Flash.  Bach¬ 
elor  degree  in  C.S.  req’d,  as  is 
9  mos  of  exp  in  job  off'd  or 
a  web-based  programming 
position.  Must  have  exp  using 
SQL  in  a  web-based  environ. 
Competitive  Salary.  Resumes  to 
Dennis  Hunter,  Pratt  Corporation, 
Job  #2489.02,  3001  E.  30th  St„ 
Indianapolis,  IN  46218. 


Software  Engineers  &  Program¬ 
mers.  Analyze,  design,  develop, 
test  and  implement  specialized 
business  apps.  in  Business 
Objects  Ver  5 1,  Web  Intelligence 
and  related  Business  Objects 
products,  VB  Script,  Oracle  and 
related  RDBMS  and  related 
tools.  US  Workers  only.  Prevailing 
wage  &  benefits.  Travel  to  client 
sites  req'd.  Contact  Evelyn  Logan, 
Sapphire  Consulting,  8  Orange 
St.,  Edison,  NJ  08817.  EOE. 


Call  your 

ITcareers  Sales 

Representative 

or  Janis  Crowley. 

1-800-762-2977 

i _ 


Software  Programmer/Project 
Leader  Lisle,  IL  Software 
programmer/project  leader  to 
work  on  records  management 
system  project,  using  Microsoft 
Delphi,  Visual  C++  and  MS  SQL 
7.0/200  based  management  sys¬ 
tem.  Require  to  analyze  system 
and  business  requirements  and 
develop  software  programs  to 
meet  them  using  Object-Orient¬ 
ed  methodology.  Must  have 
Bachelor  degree  in  science  field. 
1  yr  experience  as  Software 
Prog./Project  Leader  40  h/wk, 
OT  as  needed  8-5  PM  $60,00 
annual  OT  at  OT  rate.  Applicants 
must  show  proof  of  legal  authority 
to  work  in  U.S.  Send  2  cover  letters 
and  2  resumes  to: 
ILLINOIS  DEPARTMENT  OF 
EMPLOYMENT  SECURITY,  401 
South  State  Street  -  7  North, 
Chicago.  IL  60605  Attn:  Brenda 
Kelly,  Ref.3  V-IL  31538-K  AN 
EMPLOYER  PAID  AD.  NO 
CALLS 


Seeking  qualified  applicants  for 
the  following  position  in  Memphis, 
TN:  Senior  Programmer  Analyst: 
Formulate/define  functional  re¬ 
quirements  and  documentation 
based  on  accepted  user  criteria. 
Requirements:  bachelor's  degree 
or  equivalent*  in  computer  science, 
MIS,  computer  systems  engi¬ 
neering  or  related  field  plus  5 
years  of  experience  in  systems 
/applications  development.  Ex¬ 
perience  with  client/server  tech¬ 
nology  or  object-oriented  analysis; 
C,  C++,  Smalltalk,  Visual  Basic 
or  Java;  and  CORBA  also 
required.  'Master's  degree  in 
appropriate  field  will  offset  2 
years  of  general  experience. 
Submit  resumes  to  Sibi  George, 
FedEx  Corporate  Services, 
1900  Summit  Tower  Blvd.,  Suite 
1400,  Orlando,  FL  32810.  EOE 
M/F/DA/. 


Software  Developer.  Develop 
computer  apps.  s/ware  and  spe¬ 
cialized  util,  programs  using 
OOD,  RDBs,  Network  Security, 
QA,  and  Internet  apps.  Masters 
degree  in  C.S.,  Eng’g  or  sim. 
field  req'd,  as  in  2ys  of  exp.  in  a 
s/ware  devel.  position.  Competi¬ 
tive  Salary.  Resumes  to  Kimber¬ 
ly  Miller,  Dir.  Of  H.R.,  Rose-  Hul- 
man  Institute  of  Technology,  Job 
#1865.04,  5500  Wabash  Av¬ 
enue,  Terre  Haute,  IN  47803 


Software  Engineers  needed. 
Senior  level  positions  available 
for  candidates  possessing  MS 
degree  or  equivalent  and/or 
relevant  work  experience.  1  year 
of  the  experience  must  include 
working  with  Oracle  and  Devel¬ 
oper  2000.  Work  with  the  following: 
Oracle,  PL7SQL,  Developer 
2000  (forms  6i  and  Reports  6i) 
and  Visual  Basic.  Mail  resume, 
references  and  salary  require¬ 
ments  to:  Symbiosis  International, 
3965  Okemos  Road  #B2, 
Okernos,  Ml  48864. 


TECHNICAL 

SBI  is  looking  for  the  following 
positions  for  its  offices  in 
Houston,  TX,  San  Francisco,  CA, 
Warren,  NJ,  Salt  Lake  City,  UT, 
and  Portland.  OR:  Programmer 
Analysts,  Technical  Architects, 
Graphic  Designers,  Business 
Strategists,  Systems  Analysts, 
Software  Eng.  Resumes  by  email 
or  fax  only  to  B.  Tognazzini,  SBI 
and  Company.  410  Townsend 
St.,  San  Francisco,  CA  94107 
btognazzini  @  sbiandcompany.co 
m;  fax  (415)  369-6822 


Digeo  seeks  S/W  Engr.  for 
Kirkland,  WA  office.  DESC: 
Dsgn,  dev,  impl,  &  test  multi¬ 
tiered  distrb.  apps.  to  access 
data  on  local  &  remote  RDBMS 
util.  SQL,  Java,  C/C++,  OO 
dsgn  methodologies,  Win,  &  Linux 
/Unix  o/s.  Install,  config,  &  deploy 
web  &  app.  servers.  REQ:  BS  in 
CS.  Math,  Engr,  or  Physics  plus 
2  yrs  exp.  dsgn,  dev,  impl,  &  test 
RDBMS  &  rel.  multi-tiered  distrb. 
apps.  util.  SQL,  Java,  C/C++, 
OO  dsgn  methodologies,  Win,  & 
Linux/Unix  o/s.  Install,  config,  & 
deploy  web  &  app.  servers. 
Prem.  sal  +  bns  &  benes.  Pis. 
reply  to  H  R,  Job  #  D 1-1 03,  88 1 5- 
122nd  AVE  NE,  Kirkland,  WA 
98033. 


Pro  Softnet  Corporation  has 
multiple  openings  at  its  Woodland 
Hills  office,  and  unanticipated 
client  sites  throughout  the  U.S  for 
the  following  postions:  Software 
Engineers,  Programmer  Analyst, 
Business  Manager,  Management 
Analyst.  Mail  resumes  to  :  Pro 
Softnet  Corp.  21 300  Vicory  Blvd. 
#  1230  Woodland  Hills,  CA 
913007  Attn  R.  Kulkarni  Code 
P101. 


Mphasis-BFL  Ltd.  and  its  subsidiary 
Mphasis  Corporation  has  multiple 
openings  for  the  following  positions 
at  its  offices  in  Santa  Monica, 
New  York  and  unanticipated 
client  sites  throughout  the 
U.S:  Programmer  Analyst,  Software 
Engineer,  Project  Manager, 
Management  Analyst, Sales 
Engineer,  Business  Development 
Manager,  Finance  Manager. 
Please  send  resume  and  salary 
history  to:  hr@mphasis.com  or 
mail  to:  HR  444  Park  Avenue 
South,  Suite  #503,  New  York,  NY 
10016 


Responsible  for  coding,  design¬ 
ing  and  re-engineering  Web 
applications  for  clients.  Write 
applications  using  C++, 
Rational  Rose,  UML  and  object 
oriented  analysis  and  design. 
Responsible  for  dealing  with  the 
business  partners  in  gathering 
the  requirements  and  creating 
specifications.  Must  have  a 
Bachelor’s  degree  in  CS  or  for¬ 
eign  degree  equivalent.  Must 
have  1  yrs  of  exp.  in  job  offered. 
Salary  Competitive:  Send 
resume  to:  Raj  Shekaran 
Software  Research  Assoc.  70 
Mansell  Ct.  Ste.  100  Roswell, 
GA  30076. 


SYSTEMS  ARCHITECT  to  serve 
as  chief  architect  for  major  client 
server  projects  using  a  CASE 
Life  Cycle  Methodology.  Serve  as 
a  CASE  Administrator,  providing 
overall  troubleshooting  solutions 
in  an  ORACLE  development 
environment.  Provide  systems 
architectural  solutions  applications 
development  in  a  Client  Server 
Environment.  Conduct  design 
and  development  peer  reviews 
for  quality  assurance.  Mentor 
overall  development  standards 
with  application  teams  and  leads. 
Provide  directional  support  for 
DBA.  Production  Control  in  the 
areas  of  performance  evaluation 
and  tuning.  Also  act  as  backup 
DBA.  Require  B.S.  degree  in 
Computer  Science  and  5  years 
experience  in  the  job  offered 
or  5  years  related  experience 
as  Systems  Analyst,  Software 
Consultant  and/or  Software  Pro¬ 
grammer.  Work  experience  must 
include  5  years  of  experience  in 
an  ORACLE  CASE  environment. 
40  hrs/8:00  a.m.  to  5:00  p.m. 
$83,200  per  year,  send  resumes 
to  MDCD/ESA,  P.O.  Box  11170, 
Detroit,  Ml  48202.  Ref.  No. 
202155.  Employer  paid  ad. 


Software  Engineer:  40hr/wk, 
8am-5pm,  $60,209/yr.  Min. 
Requ-M.S.  in  Computer  Science 
or  related.  Develop  the  Net  Event 
Report  system  using  data 
generated  from  OPENVIEW 
system;  object-oriented  design 
using  C/C++,  UNIX,  AIX600, 
AS/400,  Java,  and  HTML;  create 
Net  Event  Report  Data  Base 
in  Oracle;  generate  different 
reports  using  CGI,  network 
management  using  Oracle-web, 
HP-Unix,  Perl  and  CGI;  data¬ 
base  transfer  using  Visual  Basic. 
3  yr  above  exp.  or  in  related 
occupation:  Programmer/Analyst. 
"Employer  Paid  Ad".  Contact 
MDCD/ESA,  P.O.  Box  11170, 
Detroit,  Ml  48202,  Ref.  #  No. 
202404. 


PROGRAMMER  ANALYSTS 


wanted  by  software  consulting 


co.  in  Houston,  TX.  Must  have 


degree  and  exp.  Respond  by 


resume  to:  Mr.  B.  Hilton,  R/T#10, 


Connective  Technologies,  Inc., 


7676  Hillmont  St.,  Ste  120, 


Houston,  TX  77040. 


PROGRAMMER  ANALYST 
wanted  by  computer  consulting 
firm  from  Sugar  Land,  TX.  Must 
have  Computer  Science  degree 
and  exp.  Respond  by  resume 
only  to:  Ms.  B.  Nelson,  Recruiter, 
J/K,  Digital  Consulting  &  Soft¬ 
ware  Services,  One  Sugar 
Creek  Center  Blvd.,  Ste.  #500, 
Sugar  Land,  TX  77478. 


Asst  Vice  Pres.  (Los  Gatos,  CA): 
Manage  all  bus.  for  sale  of  Active 
Matrix  Liquid  Crystal  Display 
technology  in  Japan  &  Asia. 
Oversee  dev.  of  bus.  plans, 
policies,  &  aims  to  improve  mrkt 
position  &  share.  Apply  bus./en- 
g’g  principles  to  rel'ship  of  Kopin 
&  our  clients.  Travel  to  bus. 
territory.  Qualify  with  BS,  EE  or 
rel.  area,  5  yrs  exp  in  job  or  5  yrs 
in  eng'g  sales  &  mktg.  Send  2 
resumes  to:  NP,  Kopin  Corp., 
695  Myles  Standish  Blvd. 
Taunton,  MA  02780,  an  EOE. 


COMPUTER  PROFESSIONALS 

Opportunities  for: 

•WEB  ARCHITECTS/ 
DEVELOPERS 

•  SYSTEMS  ANALYSTS 
•WEB  GRAPHIC  DESIGNERS 

•  NETWORK  ENGINEERS 

•  PROGRAMMER/ANALYSTS 

•  SOFTWARE  ENGINEERS 

SKILLS: 

•  COLD  FUSION  •  SPECTRA 

•  ORACLE  •  VISUAL  BASIC 

•  VISUAL  C++  •  SIEBEL  •  ASP 

•  COM,  DCOM  •  JSP  •  HTML 

•  JAVA,  JAVA  BEAN  •  EJB  JAVA 
SERVLETS  •  WEBSPHERE 

•  IBM  MQ  SERIES  •  XML,  UML 

•  MTS  •  CLARIFY  •  PERL 
•OBJECTPERL  •  SPYPERL 

•  SMALLTALK  •  PL/SQL 
•VISUAL  AGE  •  COBOL,  SPL, 
UNIX 

Visit  our  website  @ 
www.computerhorizons.com 

Attractive  salaries  and  benefits. 
Please  forward  your  resume  to: 
H.R.  Mgr.,  Computer  Horizons 
Corp.  49  Old  Bloomfield  Avenue, 
Mountain  Lakes,  New  Jersey 
07046-1495.  Call  973-299-4000. 
E-mail:  jobs  @  computerhorizons. 
com.  An  Equal  Opportunity  Em¬ 
ployer  M/F. 


DIRECTOR  OFTECHNOLOGY- 
Interior  Construction  Company 
seeks  Director  of  Technology 
with  the  following  responsibilities: 
Oversee  a  network  of  1 00  work¬ 
stations,  15  servers  &  a  tech, 
staff  of  2  programmer  analysts  & 
5  network  technicians;  design  & 
build  construction  information 
system  &  integrate  w/existing 
legacy  accounting  system; 
integrate  existing  construction 
technology  with  AIA  standard 
processes  to  streamline  the 
work  processes.  Successful 
candidate  will  have  a  Bachelor's 
degree  in  Computer  Science  or 
Civil  Engineering,  &  1  y  exp.  in 
job  duties  or  1  yr.  exp.  as  Civil 
Engineer.  Experience  in  DB 
programming,  Drywall  technolo¬ 
gies  &  processes  &  NT  networks 
a  must.  Mail  resume  to  Component 
Assembly  Systems,  620  Fifth 
Ave.,  Pelham,  NY  10803,  Attn: 
John  Rapaport. 


♦ 


Sr.  Software  Engineer:  Charlotte, 
N.C.  Full-Time. To  review,  analyze 
and  modify  programming  sys¬ 
tems  as  well  as  develop  Java, 
EJB,  JSP  and  XML,  conduct  unit 
and  integration  testing,  document, 
produce  SQL,  integrate  with 
hardware  group  and  have  profi¬ 
ciency  in  various  Servers.  B.S. 
in  Engineering  or  academic 
equivalent  in  engineering  or 
related  occupation  plus  5  years 
of  progressive  experience  in 
Engineering  is  required.  Fax 
resumes  to  R.  Brinson  (704) 
510-0408. 


Programmer  Analyst  needed  by 
GA  based  IT  firm,  req'd  skills: 
Websphere  Commerce  Suite, 
Websphere  Application  Server, 
OOAD,  RUP,  Java,  C,  C++, 
UML.  Send  Resumes  to  HR 
Dept,  Objects  On  Net,  Inc. 
110  Commerce  Dr,  Suite  111, 
Fayetteville,  GA-  30124 


Software  Engineers,  Atlanta: 
Develop,  support  &  enhance  web 
based  collaborative  software 
tools  in  Unix  &  NT  environ  &  in¬ 
tegrate  legacy  sys.  using  Java, 
XML,  DHTML,  DCOM,  EJB,  JSP, 
Servlets,  OOD-OOP.  Req.  BS  in 
HCI,  1  yr  development  exp  & 
knowledge  of  J2EE,  EJB, 
Servlet  and  JSP.  Fax  resume:  L. 
Anderson,  MediaOcean,  404- 
885-9949 


- ♦ - 

Noetix  seeks  Sr.  S/W  Engr.  for 
HQ  office  in  Bellevue,  WA.  DESC: 
Lead  team  of  developers  & 
engrs.  Arch,  dsgn,  dev,  &  test 
corp.  IS,  RDBMS,  servers  &  rel. 
web  apps.  util.  SQL,  C++,  OO 
dsgn  &  prog,  COM/DCOM, 
ODBC,  MFC,  Win  &  Unix  o/s. 
REQ:  BS  in  Engr,  CS,  Phys,  or 
Math  +  5  yrs.  exp.  dsgn,  dev,  & 
testing  RDBMS  &  rel.  apps.  util. 
SQL,  C++,  OO  dsgn  &  prog,  Win 
&  Unix  o/s.  Plus  1  yr.  exp.  dsgn  & 
dev.  web  apps.  util.  COM/DCOM, 
ODBC  &  MFC.  Prem.  sal.  + 
benes.  Pis.  reply  to  J.  Hubbs,  Job 
#NC-106,  2229-1 12th  Ave  NE, 
Ste.  200,  Bellevue,  WA  98004. 


MILLIONS  OF 
READERS 
MILLIONS  OF 
SURFERS 
ONLY 
THOUSANDS 
OF  DOLLARS 
TOTAL  IMPACT 
TOTAL 
SAVINGS 

Put  your  message  in 
IT  careers  and 
ITcareers.com  and 
reach  the  world’ 
best  IT  talent. 

ITcareers 

where  the  basS  get  better 
1-800  762-2877 


ITcareers.com 


Managing  Systems  Engineer: 
manage,  direct  and  oversee  the 
sale  of  software  products  based 
on  his  technical  knowledge  of 
software  system  and  develop¬ 
ment.  Hire,  fire,  and  train  sales 
engineers  and  other  technical 
staff.  Create  sales  strategies.  Su¬ 
pervise  and  assist  in  the  devel¬ 
opment  of  software  products,  as 
well  as  maintenance  and  techni¬ 
cal  support  for  such  products. 
Req.  Bachelor’s  Degree  in  Busi¬ 
ness,  Economics,  or  MIS  with  2 
years  exp.  in  job  offered  or  IT 
Manager.  Must  have  ability  to  in¬ 
stall  CICS,  VTAM  and  IMS.  Must 
be  proficient  in  setting  up  TCP/IP. 
$100K/yr,  40hr/wk,  9-5.  Send  re¬ 
sume  to  Beta  Systems  Software, 
Inc.  at  10  Eastbrook  Bend,  Suite 
101 ,  Peachtree  City,  GA  30269 


Software  Engineer  wanted  by 
Noriden  Corp.  in  Piscataway,  NJ. 
Must  have  a  Master's  degree 
in  computer  science  or  related 
fields  with  at  least  two  years 
experience  in  developing  trading 
systems.  Job  duties  include 
designing  and  developing  archi¬ 
tecture  for  trading  systems  using 
object-oriented  technology  and 
various  software  development 
tools,  and  developing  and 
implementing  high  performance 
applications  using  various  data 
communication  protocols,  stan¬ 
dards  and  equipment.  Must  have 
Fixed  Income  and  equity  deriva¬ 
tives  knowledge,  strong  math 
background  and  quantitative 
skills.  Please  send  resume  to 
www.noriden.com. 


’22E/ 


Computerworld  •  InfoWorld 


Network  World  •  July  22,  2002 


careers+com 


IT  CAREERS 


SOFTWARE  ENGINEER 

Software  engineer  to  design, 
develop  and  test  computer  pro¬ 
grams  for  business  applications; 
analyze  software  requirements 
to  determine  feasibility  of  design; 
direct  software  system  testing 
procedures  using  expertise  in 
Tuxedo,  JDeveloper,  Oracle  8.0 
and  JBuilder.  Requirements: 
Bachelor's  Degree  or  equivalent 
in  Computer  Science  or  related 
field  and  two  years  experience 
as  a  software  engineer  or  com¬ 
puter  programmer,  knowledge  of 
Tuxedo,  JDeveloper,  Oracle  8.0 
and  JBuilder.  Salary:  $70,000 
/year.  Working  Conditions:  8:00 
A.M.  to  5:00  P.M.,  40  hours 
/week,  involves  extensive  travel 
and  frequent  relocation.  Apply: 
Manager,  Butler  County  Career- 
Link,  Pullman  Commerce  Center, 
1 1 2  Hollywood  Drive,  Suite  1 01 , 
Butler,  PA  16001,  Job  No. 
WEB259773. 


Programmer  Analysts-Experience 
with  ERP/CRM,  ORACLE  apps, 
PowerBuilder,  MS  SQL  Server, 
DBA,  JAVA,  ASP,  Network  Engi¬ 
neers  Employer  is  a  computer 
consulting  company.  Relocation 
required.  Send  resume  to:  Dan 
Wilson,  APOGEE  SOFTWARE 
SYSTEMS,  PBM  254,  PO  Box 
2800,  Carefree,  AZ  85377. 


Vice  President 
of  Research  & 
Development 

Manage  web-based 
collaboration  software 
development  team  and  work 
on  software  product  design. 
Travel  required. 

Forward  resume  to: 
e4eNet, 

Attn:  Michele  Monast, 

300  Crown  Colony  Drive, 
Quincy,  MA  02169; 

Fax:  617-376-8825; 
E-mail:  jobs@e4enet.eom 
An  Equal  Opportunity  Employer 


www.e4enet.com 

Trusted 
by  more 
hiring 
managers 
than  any 
IT  space 
in  the 
world. 


SOFTWARE  ENGINEER 

Software  engineer  to  design, 
develop  and  test  computer  pro¬ 
grams  for  business  applications; 
analyze  software  requirements 
to  determine  feasibility  of  design; 
direct  software  system  testing 
procedures  using  expertise  in 
EJB,  Oracle  8i,  JBuilder  4.0  and 
CORBA.  Requirements:  Bache¬ 
lor's  Degree  or  equivalent  in 
Computer  Science  or  related 
field  and  two  years  experience 
as  a  software  engineer  or  com¬ 
puter  programmer,  knowledge 
of  EJB,  Oracle  8i,  JBuilder  4.0 
and  CORBA.  Salary:  $66,000 
/year.  Working  Conditions:  8:00 
A.M.  to  5:00  P.M.,  40  hours 
/week,  involves  extensive  travel 
and  frequent  relocation.  Apply: 
Manager,  Armstrong  County 
Team  PA  CareeLink,  1 270  North 
Water  Street,  PO  Box  759, 
Kittanning,  PA  16201,  Job  No. 
WEB259792. 


♦ 


SOFTWARE  ENGINEER 

Software  engineer  to  design, 
develop  and  test  computer  pro¬ 
grams  for  business  applications; 
analyze  software  requirements 
to  determine  feasibility  of  design; 
direct  software  system  testing 
procedures  using  expertise  in 
EJB,  Oracle  8i,  JBuilder  4.0 
and  CORBA.  Requirements: 
Bachelor's  Degree  or  equivalent 
in  Computer  Science  or  related 
field  and  two  years  experience 
as  a  software  engineer  or  com¬ 
puter  programmer,  knowledge 
of  EJB,  Oracle  8i,  JBuilder  4.0 
and  CORBA.  Salary:  $66,000 
/year.  Working  Conditions:  8:00 
A.M.  to  5:00  P.M.,  40  hours 
/week,  involves  extensive  travel 
and  frequent  relocation.  Apply: 
JS  Supervisor,  Green  County 
Team  PA  CareerLink,  4  West 
High  Street,  Waynesburg,  PA 
15370,  Job  No.  WEB259782. 


SOFTWARE  ENGINEER 

Software  engineer  to  design, 
develop  and  test  computer  pro¬ 
grams  for  business  applications; 
analyze  software  requirements 
to  determine  feasibility  of  design; 
direct  software  system  testing 
procedures  using  expertise  in 
JSP,  Oracle,  XML  and  Weblogic 
6.1.  Requirements:  Bachelor's 
Degree  or  equivalent  in  Com¬ 
puter  Science  or  related  field 
and  two  years  experience  as  a 
software  engineer  or  computer 
programmer,  knowledge  of  JSP, 
Oracle,  XML  and  Weblogic  6.1. 
Salary:  $66, 000/year.  Working 
Conditions:  8:00  A.M.  to  5:00 
P.M.,  40  hours/week,  involves 
extensive  travel  and  frequent  re¬ 
location.  Apply:  Manager,  West¬ 
moreland  County  CareerLink, 
300  East  Hillis  St.,  Youngwood, 
PA  1 5697,  Job  No.  WEB259797. 


♦ 


SOFTWARE  ENGINEER 

Software  engineer  to  design, 
develop  and  test  computer  pro¬ 
grams  for  business  applications; 
analyze  software  requirements 
to  determine  feasibility  of  design; 
direct  software  system  testing 
procedures  using  expertise  in 
ASP.NET,  SQL  Server  2000,  C# 
and  ADO.NET.  Requirements: 
Bachelor's  Degree  or  equivalent 
in  Computer  Science  or  related 
field  and  two  years  experience 
as  a  software  engineer  or  com¬ 
puter  programmer,  knowledge  of 
ASP.NET.  SQL  Server  2000,  C# 
and  ADO.NET.  Salary:  $75,000 
/year.  Working  Conditions:  8:00 
A.M.  to  5:00  P.M.,  40  hours 
/week,  involves  extensive  travel 
and  frequent  relocation.  Apply: 
Manager,  Beaver  County  Team 
PA  CareerLink,  2103  Ninth 
Avenue,  Beaver  Falls, PA  15010, 
Job  No.  WEB259800. 


PROGRAMMER/ANALYST  to 
analyze,  design,  develop,  test, 
validate,  create  and  run  queries 
and  reports  through  IMPROMPTU 
from  DB2  tables;  Create  and  run 
extracts  and  reports  on  MVS 
through  DYL280;  Implement 
application  software  using  COBOL 
II,  CICS,  VSAM,  JCL,  DB2,  SQL, 
SAS,  Assembler,  PL1 ,  Easytrieve, 
NDM,  FTP,  Infoman,  Changeman, 
File-Aid,  Expediter  and  Defect 
Tracking  Tools  under  Windows 
operating  system.  Require:  B.S. 
degree  in  Computer  Science, 
an  Engineering  discipline,  or  a 
closely  related  field  with  two 
years  of  experience  in  the  job 
offered.  Competitive  salary 
offered.  Send  resume  to:  Debra 
L.  Crow,  Citibank  Universal  Card 
Services,  8787  Baypine  Road, 
Jacksonville,  FL  32256;  Attn: 
Job  SM. 


SOFTWARE  ENGINEER 

Software  engineer  to  design, 
develop  and  test  computer  pro¬ 
grams  for  business  applications; 
analyze  software  requirements 
to  determine  feasibility  of  design; 
direct  software  system  testing 
procedures  using  expertise  in 
ASP  2.0,  T-SQL,  SQL  Server 
2000  and  Erwin.  Requirements: 
Bachelor’s  Degree  or  equivalent 
in  Computer  Science  or  related 
field  and  two  years  experience 
as  a  software  engineer  or  com¬ 
puter  programmer,  knowledge  of 
ASP  2.0,  T-SQL,  SQL  Server 
2000  and  Erwin.  Salary:  $85,000 
/year.  Working  Conditions:  8:00 
A.M.  to  5:00  P.M.,  40  hours 
/week,  involves  extensive  travel 
and  frequent  relocation.  Apply: 
McKeesport/Allegheny  Cty 
CareerLink,  Attn:  JS  Supervisor, 
345  Fifth  Avenue,  McKeesport, 
PA  1 51 32,  Job  No.  WEB259807. 


♦ 


NE  OH  Consulting  Co.  seeks 
Systems  Analyst  to  automate 
processing  or  improve  existing 
computer  applications;  analyze 
user  requirements;  investigate 
alternatives,  design,  document, 
build,  test,  and  implement  solu¬ 
tion  in  SAP;  design  sales,  distri¬ 
bution  and  material  manage¬ 
ment  modules;  provide 
production  support;  lead  team; 
mentor  staff.  Min.  5yrs.  in-job 
exp.  required.  Exp.  must  include 
SAP  ABAP;  user-exits,  IDOC; 
understanding  of  SAP’s  WM,  LE, 
SD,  Warehouse  Management 
modules;  use  of  Internet  Explor¬ 
er,  MS  Windows,  MS  Office 
Suite,  Visio,  Lotus  Notes,  Reme¬ 
dy.  Travel  required  and  must  be 
willing  to  work  different  shifts. 
Resumes  to  CCAi  Consulting, 
5800  Landerbrook  Dr.,  Mayfield 
Hts.,  OH  44124.  No  Calls.  EOE 


♦ 


SOFTWARE  ENGINEER 

Software  engineer  to  design, 
develop  and  test  computer  pro¬ 
grams  for  business  applications; 
analyze  software  requirements 
to  determine  feasibility  of  design; 
direct  software  system  testing 
procedures  using  expertise  in 
C#,  ASP.NET  SQL  Server  2000 
and  COM.  Requirements:  Bach¬ 
elor's  Degree  or  equivalent  in 
Computer  Science  or  related 
field  and  two  years  experience 
as  a  software  engineer  or  com¬ 
puter  programmer,  knowledge 
of  C #,  ASP.NET,  SQL  Server 
2000  and  COM.  Salary:  $66,000 
/year.  Working  Conditions:  8:00 
A.M.  to  5:00  P.M.,  40  hours 
/week,  involves  extensive  travel 
and  frequent  relocation.  Apply: 
Director,  Pittsburgh/Allegheny 
Co.  CareerLink,  Attn:  JS  Super¬ 
visor,  425  Sixth  Ave.,  Suite  2200, 
Pittsburgh,  PA  15216,  Job  No. 
WEB259815. 


Computer 

As  a  $180  million  industry 
leader,  we  are  able  to  provide 
our  people  with  the  kind  of  work 
environment,  opportunities,  ben¬ 
efits,  growth  potential  and  pro¬ 
gressive  training  others  can't 
match.  We  are  looking  for  IT  pro¬ 
fessionals  with  a  minimum  of  la- 
years  experience  for  the  follow¬ 
ing  job  titles: 

•  PROGRAMMER/ANALYST 

•  SYSTEMS  ANALYST 

•  SYSTEMS  PROGRAMMER 

•  DATABASE  ADMINISTRATOR 

•  DATABASE  ANALYST 

•  LAN  ADMINISTRATOR 
•SOFTWARE  ENGINEER 
•WEB  DEVELOPER  /  ARCHI¬ 
TECT 

•DATA  WAREHOUSING  AR¬ 
CHITECT 

•  IT  PROJECT  MANAGER 
•BUSINESS  ANALYST 
•SAP  FUNCTIONAL  AND 

TECHNICAL  EXPERTS 
•HIGH  LEVEL  SOLUTIONS 
SALES  EXECUTIVES 

•  Q  A/TESTER 
•TECHNICAL  RECRUITER 


Our  skill  sets  include: 
•CLIENT/SERVER 

•  ERP  -  SAP,  ORACLE,  PEO- 
PLESOFT 

•  INTERNET 

•  E-COMMERCE 
•MAINFRAME 

•  MID-RANGE,  AS/400 

•  CRM  -  SIEBEL 

•  DATA  MODELING 

Contact  the  Corporate  Head¬ 
quarters  for  positions  available 
in  the  following  areas:  Arizona, 
Colorado,  Connecticut,  Florida, 
Georgia,  Illinois,  Massachusetts, 
New  Jersey,  New  York,  North 
Carolina,  Pennsylvania,  Southern 
California,  Texas,  Virginia/DC. 

For  consideration  please  refer¬ 
ence  Job  Code:  RIRCW10 
and  send  your  resume  to:  RCG 
Information  Technology;  Attn: 
National  Recruiting,  379Thornall 
Street,  Edison,  NJ  08837;  FAX: 
(732)  744-3583  or  email  to: 
recruit@rcoit.com  We  are  an 
Equal  Opportunity  Employer. 
M/F/D/V. 

www.rcgit.com 
RCG  Information  Technology 


Software  Engineer:  For  IT 
consulting  co,  resp  for  complete 
feature  enhancement  &  design 
of  new  features  according  to 
clients’ specs,  including  software 
system  design;  software  opti¬ 
mization;  &  coding,  testing  & 
debugging  of  existing  &  newly 
created  applications  &  utilities. 
Req's:  Bachelor’s  degree,  or 
equiv,  in  Comp  Sci,  Info  Tech 
or  related  field.  5  yrs  exp  in  job 
offered  or  5  yrs  exp  in  software 
applications  dev.  Exp  must  include 
analysis  &  design  using  UML 
diagrams  &  Rational  Rose,  design 
patterns,  applet  development, 
multithreaded  &  embedded  ap¬ 
plication  dev,  database  design  & 
implementation  using  Borland 
Database  Engine,  Paradox  data¬ 
bases  &  ER  modeling.  Exp  can 
be  gained  while  pursuing  degree. 
Prof  in  Borland  C++,  Visual  C++, 
Standard  Template  Library  in 
C++,  Java,  XML,  ActiveX,  COM, 
HTML,  Visual  Basic,  Assembly  & 
DLL.  40  hrs/wk.  Send  resume  to 
Dimitry  Dikman,  EPAm  Software 
Consultants,  Inc.,  139  Roy  Lane, 
Huntingdon  Valley,  PA  1 9006. 


Systems  Analyst  w /  San  Francis¬ 
co-  based  IT  consultants,  to  work 
at  various  client  sites  in  the  Bay 
Area  &  other  undetermined  sites 
in  the  US.  Implmt,  maintain  & 
upgrade  Oracle  ERP  s/ware  pkgs. 
Reqs:  Bach  in  Comp  Sci, 
Engineering,  Business,  Logistics, 
HR,  or  closely  related  field  +  2  yrs 
exp  w/  Oracle  applic.  Send 
resumes,  refs,  and  salary  require¬ 
ments  to  Attn:  HR,  IT  Conver¬ 
gence,  150  E.  Gilman  St„  Suite 
B2200,  Madison.  Wl  53703. 


5by5  Networks,  Inc. 

Exciting  Pre-IPO  Opportunity! 

V.P.  Engineering 

Incorporated  in  1998,  5by5  Net¬ 
works,  is  a  privately  held  company 
headquartered  in  Roseville,  Cal¬ 
ifornia  with  strong  international 
alliances  in  Asia  and  Europe. 
5by5  Networks  is  positioned  to 
be  a  premier  next  generation 
VoIP  switching  solution  company, 
offering  the  highest-performance 
products  in  the  telecommunica¬ 
tions  industry. 

The  VP  of  Engineering  is  re¬ 
sponsible  for  directing  design 
and  specification  of  new  products 
&  services  and  for  developing 
the  5by5  Networks  Product 
Roadmap.  Direct  all  aspects  of 
company's  software/hardware 
development  ensuring  all  product 
development,  testing  and  docu¬ 
mentation  milestones  are  ac¬ 
complished  as  scheduled.  Create 
plans  for  implementation  of  new 
technical  projects  or  product 
lines  in  conjunction  with  sales 
/marketing  directives  to  ensure 
products  meet  real  customer 
/market  needs.  Contribute  to 
company  plans  and  strategies  to 
enable  rapid  and  sustained 
growth  in  the  telecommunications 
marketplace. 

Qualifications:  BS  in  CS,  EE,  Math, 
or  related  &  8  yrs.  sr.  engineering 
mgmt.  exp.  in  telecom,  industry; 
successful  management  &  team 
building  experience;  exp.  in  de¬ 
velopment,  delivery  and  deploy¬ 
ment  of  a  successful  product 
to  the  marketplace;  in-depth 
knowledge  of  the  VoIP  industry 
including  protocols,  signaling 
and  network  infrastructure  and 
telecommunication  carriers;  exp. 
in  developing  VoIP  network  com¬ 
ponents  &  signaling  protocols; 
exp.  working  with  NMS  protocols; 
and  familiarity  with  product 
certification  requirements  and 
processes. 

Please  visit  our  website  at 
www.5by5networks.com  for 
more  information  on  our  exciting 
company  and  other  employment 
opportunities.  To  submit  a 
resume  for  one  of  our 
positions,  please  email  to: 
careers@5by5networks.com 
or  fax:  (916)  677-2680 

EOE  (no  agencies  please) 


SOFTWARE  ENGINEER 

Multiple  openings  for  software 
engineers  to  design,  develop 
and  test  computer  programs  for 
business  applications;  analyze 
software  requirements  to  deter¬ 
mine  feasibility  of  design;  direct 
software  system  testing  proce¬ 
dures  using  expertise  in  C#, 
ASP.NET,  SQL  Server  2000  and 
COM.  Requirements:  Bachelor's 
Degree  or  equivalent  in  Com¬ 
puter  Science  or  related  field 
and  two  years  experience  as  a 
software  engineer  or  computer 
programmer,  knowledge  of  C#, 
ASP.NET,  SQL  Server  2000  and 
COM.  Salary  range:  $66,000- 
$78, 000/year.  Working  Conditions: 
8:00  A.M.  to  5:00  P.M.,  40  hours 
/week,  involves  extensive  travel 
and  frequent  relocation.  Apply: 
Manager,  Washington  County 
Team  PA  CareerLink,  Millcraft 
Center,  Suite  150LL,  90  West 
Chestnut  Street,  Washington,  PA 
15301,  Job  No.  WEB259779. 


Software  Engineer:  Works  under 
the  supervision  of  Sr.  Engineers 
to  research/develop  computer 
graphics  software  related  to 
the  import/export  of  Macintosh/ 
Windows  vector/raster  graphics 
file  formats  using  C/C++  under 
both  Microsoft  Visual  Studio  C 
and  Metroworks  Code  Warrior 
for  Macintosh.  Req:  Bach  in 
Comp  Sci.  Elec  Eng,  rel/equiv  & 
1  yr  ex.  Resume  to:  HR,  Deneba 
Software  Inc.,  1150  NW  72nd 
Ave,  Miami,  FL  33126.  No  calls 
please. 


Programming  Analysis  Manager: 
Responsible  for  managing  the 
development  of  custom-designed 
programs  on  Novel!  computer 
network  as  well  as  Unix  operating 
system.  Specific  duties  include 
overseeing  evaluation  of  compa¬ 
ny's  needs  for  new  and  modified 
programs  and  manage  the 
development  of  necessary 
programs  for  financial  report 
generation  using  Delphi;  utilizing 
C  to  develop  programs  allowing 
users  to  create  smaller  programs; 
overseeing  the  development  and 
maintenance  of  databases  using 
Btrieve.  SQL  and  Informix;  man¬ 
aging  the  analysis  &  develop¬ 
ment  of  specifications  for  bridge 
design  including  determining 
feasibility,  costs,  time  require¬ 
ments  and  compatibility  with 
operating  systems;  studying 
reports  about  users  to  identify 
current  operating  procedures 
and  clarify  program  objectives  & 
approving  plan  formulations  out¬ 
lining  steps  required  to  develop 
new  programs  using  structured 
analysis  and  design;  supervising 
the  activities  of  programmers. 
Must  have  a  Bachelor’s  degree 
in  Computer  Information  Systems 
with  3  years  of  experience  in 
the  job  offered  or  as  a  Systems 
Analyst  or  Project  Leader  or  any 
combination  thereof.  In  lieu  of 
Bachelor’s  degree  in  Computer 
Information  Systems,  will  accept 
applicants  with  3  years  of  under¬ 
graduate  university  studies  plus 
3  years  of  systems  programming 
experience;  such  applicants 
must  additionally  possess  the  3 
years  experience  as  Programming 
Analysis  Manager  or  Systems 
Analyst  or  Project  Leader  or  any 
combination  thereof.  Will  accept 
foreign-awarded  university  degree 
or  coursework  deemed  equiva¬ 
lent  to  the  above  U.S.  education 
requirements  by  an  independent 
credential  evaluator.  The  required 
3  years  of  experience  in  the  job 
offered  or  Systems  Analyst  or 
Project  Leader  or  any  combina¬ 
tion  thereof  must  have  included 
at  least  1  year  working  with  Novell 
and  Unix  operating  systems, 
Delphi,  C,  SQL,  Btrieve  and  In¬ 
formix  and  superasing  employees. 
40  hrs/wk,  Mon-Fri,  9:00  a  m. 
to  6:00  p.m.,  $95,000  per  year. 
Applicants  must  show  proof  of 
legal  authority  to  work  in  the  U.S. 
SEND  2  COPIES  OF  BOTH 
RESUME  &  COVER  LETTER  to: 
ILLINOIS  DEPARTMENT  OF 
EMPLOYMENT  SECURITY,  401 
South  State  Street  -  7  North, 
Chicago,  Illinois  60605,  Attention: 
Leila  Jackson,  Reference  # 
V-IL  29205-J.  NO  CALLS.  AN 
EMPLOYER  PAID  AD. 


COMPUTER/IT 

Senior  Programmer/Analyst. 
Job  Location:  Dallas,  Texas. 
Duties:  Perform  standard  soft¬ 
ware  design,  dev.,  testing,  &  im¬ 
plementation  in  the  area  of 
Enterprise  Resource  Planning 
(ERP-SAP  R/3).  Perform  high 
level  designing,  context  analysis 
diagram  (CAD),  structure  charting, 
data  flow  diagram  (DFD),  module 
definitions  &  program  design  for 
software  life  cycle.  Implement  & 
maintain  SAP  R/3  for  Sales  & 
Distribution,  Retail  Materials 
Management  &  Human  Resource 
Management  Modules  in  ABAP 
/4  using  workbench  tools  (ABAP 
Editor,  Screen  Painter,  Menu 
Painter  &  Runtime  Analysis). 
Create  CAD.  DFD  &  Flow  Charts 
using  Visio.  Flow  Charter  &  MS 
Power  Point.  Perform  data  mod¬ 
eling  using  ERwin  &  Power 
Designer.  Perform  data  maps  for 
SAP  interfaces  with  third  party 
tools,  such  as  Mercator  and  MQ 
series.  Perform  data  cleansing 
with  Trillium  software.  Requires 
Master's  Degree  or  foreign 
equiv.  in  Comp.  Science,  Eng.,  or 
closely  related  field.  In  lieu 
of  Master's  degree  or  foreign 
equiv  ,  will  accept  Bachelor's 
degree  or  foreign  equiv.  plus  five 
yrs.  of  progressive  exp.  Must 
have  two  yrs.'  exp.  in  job  offered 
or  two  yrs. '  exp.  as  a  Consultant 
Exp.,  which  may  have  been 
obtained  concurrently,  must  in¬ 
clude:  two  yrs.'  exp.  implementing 
&  maintaining  SAP  R/3  using 
workbench  tools  (ABAP  Editor, 
Screen  Painter,  Menu  Painlet  & 
Runtime  Analysis).  EOE.  40 1 
hrsJwk.  Send  resume  (no  calls)  j 
to  Jolie  Wiese  Short.  Manager.  I 
Corporate  StaFing.  CompUSA,  I 
Inc  ,  14951  North  Dallas  Parkway. 
Dallas,  Texas  75254 


Computerworld  •  July  22,  2002 


RESOURCES 


COMPUTERWORLD  July  22, 2002 


How  to  Contact  Computerworld 


TELEPHONE/FAX 

Main  phone  number . (508)  879-0700 

All  editors  unless  otherwise  noted  below 

Main  fax  number . (508)  875-8931 

24-hour  news  tip  line . (508)  620-7716 


E-MAIL 

Our  Web  address  is  www.computerworld.com. 

All  staff  members  can  be  reached 
via  e-mail  using  the  form: 

firstname.lastname@computerworld.com. 

All  IDG  News  Service  correspondents 
can  be  reached  using  the  form: 

firstname.lastname@idg.com. 

LETTERS  TO  THE  EDITOR 

Letters  to  the  editor  are  welcome  and 
should  be  sent  to:  letters@computerworld.com. 

Include  your  address  and  telephone  number. 

MAIL  ADDRESS 

PO  Box  9171,  500  Old  Connecticut  Path, 
Framingham,  Mass.  01701 

SUBSCRIPTIONS/BACK  ISSUES 

Subscription  rates:  U.S.,  $68/year;  Canada, 
$110/year;  Central  and  South  America, 
$250/year;  all  others,  $295/year 

Phone  . (800)552-4431 

E-mail . circulation@computerworld.com 

Back  Issues . (508)  988-7590 

REPRINTS/PERMISSIONS 

Phone  .  Ray  Trynovich  (717)  399-1900,  ext.  124 
E-mail . rtry@reprintbuyer.com 


CONTACTING 
CW  EDITORS 


We  invite  readers  to  call  or  write  with  their 
comments  and  ideas.  It  is  best  to  submit 
ideas  to  one  of  the  department  editors  and 
the  appropriate  beat  reporter. 


State/federal  government;  Patrick  Thibodeau  (202)  737-6081 

antitrust;  legal  Issues;  politics 

Security;  defense  and  aerospace  Dan  Verton  (703)  321-2277 

Enterprise  systems;  ASPs/  Jaikumar  Vijayan  (630)  978-8390 

outsourcing;  security; 
heavy  manufacturing 

General  assignment;  Todd  Weiss  (717)  560-5255 

Linux  and  Unix  operating  systems 


Editor  in  Chief  Maryfran  Johnson  (508)  820-8179 
Editorial  Director.  Print/Online  Patricia  Keefe  (508)  820-8183 


DEPARTMENT/ 

BUREAU  EDITORS 

News  Editor  Don  Tennant  (508)  620-7714 
Assistant  News  Editor  Craig  Stedman  (508)  820-8120 
Management  Editor  Julia  King  (610)  532-7599 
Technology  Editor  Tommy  Peterson  (508)  620-7729 
Director,  Knowledge  Centers  Mitch  Betts  (202)  737-6049 
West  Coast  Bureau  Chief  Pimm  Fox  (650)  524-7116 


OPINIONS 

Senior  News  Columnist  Frank  Hayes  (503)  252-0100 
Columns  Editor  Rick  Saia  (508)  820-8118 

FEATURE  EDITORS 

Assistant  Feature  Editor  Jean  Consilvio  (508)  820-8562 
Special  Projects  Editor  Ellen  Fanning  (508)  820-8204 
Editor  at  Large  Mark  Hall  (503)  391-1158 
Reviews  Editor  Russell  Kay  (508)  820-8175 
Technology  Evaluations  Editor  Robert  L.  Mitchell  (508)  820-8177 


REPORTERS 

Bob  Brewin  (301)  277-8069 


Mobile  computing/wireless; 

health  care 
Intel  PCs  and  servers; 
messaging;  travel 
Editor  at  large, 
information  economics 
Financial  services;  storage; 

IT  management 
Middleware;  internetworking; 
network  systems  mgt.;  energy 
General  assignment;  trans- 
portation/carriers;  automotive 
Microsoft;  application 
development;  retail  industry 
ERP;  supply  chain;  CRM; 
databases;  data  warehousing 
General  assignment:  public  B2B; 
online  procurement;  content  mgt. 


Jennifer  DiSabatino  (508)  820-8122 
Thomas  Hoffman  (845)  988-9630 
Lucas  Mearian  (508)  820-8215 
Michael  Meehan  (508)  620-7704 
Linda  Rosencrance  (508)  628-4734 
Carol  Sliwa  (508)  628-4731 
Marc  L.  Songini  (508)  820-8182 
Brian  Sullivan  (508)  620-7780 


FEATURE 

WRITERS 

Gary  H.Anthes  (202)  737-7242 
Matt  Hamblen  (508)  820-8567 
Kathleen  Melymuka  (508)  628-4931 
Deborah  Radcliff  (707)  829-5823 
Melissa  Solomon 


C0MPUTERW0RLD.COM 


Director,  online  and  design 
Managing  editor/online 
Online  news  editor 
Online  news  editor 
Communities  director 
Communities  senior  editor/writer 
Communities  builder 
Associate  art  director 
Associate  art  director 


Tom  Monahan  (508)  820-8218 
Sharon  Machlis  (508)  820-8231 
Ken  Mingis  (508)  820-8545 
Marian  Prokop  (508)  620-7717 
Vanessa  DiMauro  (508)  820-8110 
Rick  Saia  (508)  820-8118 
Barbara  Steinberg  (508)  620-7782 
David  Waugh  (508)  820-8142 
John  R.  Brillon  (508)  820-8216 


Keeley  Guillerme.  marketing  associate/researcher; 

Peter  Smith,  Web  development  manager;  Kevin  Gerich,  Mark  Savery, 

Web  developers;  Bill  Rigby,  associate  Web  developer; 

David  Ramel,  online  production  coordinator  and  e-mail  newsletter  editor; 
Matthew  Moring,  graphic  designer 


RESEARCH 

Mari  Keefe,  research  manager; 
Gussie  Wilson,  research  associate 


COPY  DESK 

Jamie  Eckle.  managing  editor/production  (508)  820-8202; 
Michele  Lee,  assistant  managing  editor/production  (508)  820-8126; 
Bob  Rawson,  senior  copy  editor;  Jacqueline  Day. 

Eugene  Demaitre,  Mike  Parent,  Monica  Sambataro,  copy  editors 

GRAPHIC  DESIGN 

Stephanie  Faucher,  design  director,  (508)  820-8235: 

April  O'Connor,  associate  art  director;  Julie  D'Errico,  graphic  designer: 
Susan  Cahill,  graphics  coordinator; 

Rich  Tennant,  John  Klossner,  cartoonists 


ADMINISTRATIVE 

SUPPORT 

Linda  Gorgone,  office  manager  (ext.  8176); 
Cheryl  Dudek  (ext.  8178) 


CONTRIBUTING 

COLUMNISTS, 

David  Foote,  Michael  Gartenberg,  Dan  Gillmor, 
Thornton  A.  May.  David  Moschella,  Bart  Perkins, 
Nicholas  Petreley,  Fran  Quittel.  Paul  A.  Strassmann 


CONTRIBUTING  WRITERS 
James  Cope.  Kevin  Fogarty.  Amy  Helen  Johnson.  Mathew  Schwartz 


COMPANIES  IN  THIS  ISSUE 

Page  number  refers  to  page  on  which  story  begins. 
Company  names  can  also  be  searched  at 

www.computerworld.com 

A  M  P.  LTD . 38 


ACCENTURE  LTD . 14 

ACCTON  TECHNOLOGY  CORP . 8 

AEGIS  INSURANCE  SERVICES  INC . 46 

ALLFIRST  FINANCIAL  INC . 1 

ALLIANCE  DATA  SYSTEMS  CORP . 40 

ALTURA  INTERNATIONAL  INC . 6 

AMERICA  ONLINE  INC . 33 

AMERICAN  INTERNATIONAL  GROUP  INC.  . .  30 
AMERICAN  MANAGEMENT 

SYSTEMS  INC . 12 

AMP  (U.K.)  FINANCIAL  SERVICES  LTD . 38 

AMR  RESEARCH  INC . 32 

ARS  INC . 8 

ART  TECHNOLOGY  GROUP  INC . 47 

ASCENTIAL  SOFTWARE  CORP  .  30 

ASPELLE  LTD . 7 

ASSOCIATED  BRITISH  NUTRITION  & 

AGRI-PRODUCTS . 30 

ASSOCIATION  OF  STATE  AND 

TERRITORIAL  HEALTH  OFFICIALS . 12 

AT&T  CORP . 1.12 

AT&T  WIRELESS  SERVICES  INC .  8 

AUTODESK  INC . 32 

AVAYA  INC.  35 

BEA  SYSTEMS  INC . 6.47 

BOINGO  WIRELESS  INC . 8 

BURLINGTON  NORTHERN 

SANTA  FE  CORP . 20 

CACI  INTERNATIONAL  INC . 10 

"AMBRIAN  COMMUNICATIONS  LLC  . .  44.45 

CARIBOU  LAKE  SOFTWARE  LLC . 38.39 

CATO  INSTITUTE . 25 

CBS  INC  20 

CENTER  FOR  INTERNET  SECURITY . 1 


CENTERS  FOR  DISEASE  CONTROL 


AND  PREVENTION . 12 

CHAMPLAIN  COLLEGE . 33 

CHECK  POINT  SOFTWARE 

TECHNOLOGIES  LTD . 23,24 

CINGULAR  WIRELESS . 8 

CISCO  SYSTEMS  INC . 35 

CITRIX  SYSTEMS  INC . 7 

CLASSIC  RESIDENCE  BY  HYATT . 24 

COMPUTER  ASSOCIATES 

INTERNATIONAL  INC . 20,54 

COMPUTER  SCIENCES  CORP . 10 

COMPUWARE  CORP . 54 

COOLSAVINGS  INC.  .  46 

CORNING  INC . 10,12 

COVISINT  INC . 32 

CURRENT  ANALYSIS  INC . 1 

CUTTER  CONSORTIUM . 38,39 

DEFENSE  INFORMATION 

SYSTEMS  AGENCY . 1 

DRESDNER  KLEINWORT  WASSERSTEIN  .  7 

EDISON  ELECTRIC  INSTITUTE  . 40 

E LABOR  INC . 46 

ELI  LILLY  AND  CO . 10 

EMC  CORP . 10 

FARPOINT  GROUP . 8 

FBI . 10 

FEDERAL  DEPOSIT  INSURANCE  CORP . 6 

FISERV  INC . 30 

G&Z  SYSTEMS  INC . 20 

GARTNER  INC .  1.14.30,40 

GIGA  INFORMATION  GROUP  INC . 6 

GLOBAL  STRAIGHT  THROUGH 

PROCESSING  ASSOCIATION . 14 

GREY  HEALTHCARE  GROUP  INC  46 


HEWLETT-PACKARD  CO . 6,7,10 

HUDSON  &  ASSOCIATES . 44 

HYATT  CORP . 24 

12  TECHNOLOGIES  INC . 14 

12  USER  GROUP . 14 

IBM . 1,6.8,10.16.24.30.47.54 

IDC . 7,8,14 

ILLUMINATA  INC . 20 

INDUSTRIAL  LIGHT  &  MAGIC . 6 

INFORMATION  TECHNOLOGY 

ASSOCIATION  OF  AMERICA . 12,25 

INFRA VIO  INC . 30 

INTEL  CAPITAL . 8 

INTEL  CORP . 6,8,10,25 

INTERNATIONAL  STANDARDS 

ORGANIZATION . 30 

INTERSIL  CORP . 8 

IPASS  INC.  8 

J.D.  EDWARDS  &  CO . 32 

JAPANESE  SECURITIES  DEALERS 

ASSOCIATION . 14 

JOHNSON  CONTROLS  INC . 32 

KRAFT  FOODS  INC . 20 

LANTE  CORP . 6 

LEE  HECHT  HARRISON . 47 

LOCKHEED  MARTIN  CORP . 33 

LOTUS  SOFTWARE  GROUP . 35 

LUCAS  DIGITAL  LTD . 6 

LUCENT  TECHNOLOGIES  INC . 10 

MAJOR  LEAGUE  BASEBALL . 25 

MARYLAND  DEPARTMENT  OF  HEALTH 

AND  MENTAL  HYGIENE . 12 

MATRIXONE  INC . 32 

MCAFEE  SECURITY . 33 

MCAFEE.COM  CORP . 10 

MERRILL  LYNCH  &  CO . 44 

META  GROUP  INC . 1,8,44.45 

METROPOLITAN  HOSPITAL . 1 

MICROSOFT  CORP . 1.7.10.16.20.24. 

.  25.27.30.33.35.47 

MIT . 33 

MOBILE  SATELLITE  VENTURES  LP . 20 

MOTOROLA  INC . 30 


NATIONAL  ACADEMY  OF  SCIENCES . 25 

NATIONAL  SECURITY  AGENCY . 1 

NEOTERIS  INC . 7 

NETWORK  ASSOCIATES  INC . 10,33 

NEW  YORK  NEW  MEDIA  ASSOCIATION  ....  47 
NEW  YORK  SOFTWARE  INDUSTRY 

ASSOCIATION . 47 

NOKIA  CORP . 24 

NORTEL  NETWORKS  LTD . 35 

NORTHWESTERN  UNIVERSITY . 33 

OFFICE  OF  HOMELAND  SECURITY . 10 

OMGEO  LLC . 14 

ORACLE  CORP . 1,14 

OVERTURE  SERVICES  INC . 47 

OXYGEN  MEDIA  INC . 46 

PACIFIC  GAS  &  ELECTRIC  CO . 44 

PARTY  CITY  CORP . 20 

PEOPLESOFT  INC . 10 

POLYMEDICA  CORP . 6 

PROJECT  MANAGEMENT 

INSTITUTE  INC . 47 

PROVIDENCE  HEALTH  SYSTEM . 30 

PUGET  SOUND  ENERGY  INC . 40 

QWEST  COMMUNICATIONS 

INTERNATIONAL  INC . 24 

RATIONAL  SOFTWARE  CORP . 54 

RSA  SECURITY  INC . 7 

SALOMON  BROTHERS  INC . 20 

SANCTUM  INC . 7 

SANS  INSTITUTE . 33 

SANTA  FE  INSTITUTE . 34 

SAP  AG . 10,14,24,32 

SBI  AND  CO . 6,14 

SCHLUMBERGERSEMA .  40 

SCIENT  INC . 6 

SECURITIES  INDUSTRY  ASSOCIATION . 14 

SERENA  SOFTWARE  INC . 54 

SIEBEL  SYSTEMS  INC . 10 

SIEMENS  INFORMATION  AND 

COMMUNICATION  NETWORKS  INC . 12 

SILVERSTREAM  SOFTWARE  INC . 30 

SONIC  SOFTWARE  CORP . 30 

SPRINT  CORP . 24 


STARTRAK  LLC . 20 

STSN  INC . 8 

SUN  MICROSYSTEMS  INC . 6,10,47 

SUNGARD  DATA  SYSTEMS  INC . 30 

SUNKIST  GROWERS  INC . 20 

T.  ROWE  PRICE  GROUP  INC . 47 

TARANTELLA  INC . 7 

TECHNOLOGY  LEADERSHIP  COUNCIL. ...  46 

TELECHOICE  INC . 7 

THE  HOME  DEPOT  INC . 1 

THE  SAGEZA  GROUP  INC . 6 

THE  STANDISH  GROUP 

INTERNATIONAL  INC . 38 

THE  YANKEE  GROUP . 1 

TROPICANA  PRODUCTS  INC . 20 

U. S.  AIR  FORCE . 1 

U.S.  DEPARTMENT  OF  COMMERCE . 12 

U.S.  GENERAL  ACCOUNTING  OFFICE . 6 

U.S.  GENERAL  SERVICES 

ADMINISTRATION . 1 

U.S.  PUBLIC  HEALTH  SERVICE . 12 

U.S.  SECURITIES  AND  EXCHANGE 

COMMISSION . 14.24 

UNISYS  CORP .  6 

VERIZON  WIRELESS . 8 

VF  CORP . 14 

VIVENDI  UNIVERSAL  GAMES . 20 

WATCHFIRE  CORP . 7 

WEBMETHODS  INC . 30 

WESTPAC  BANKING  CORP . 38 

WIRELESS  ETHERNET  COMPATIBILITY 

ALLIANCE . 8 

WORLDCOM  INC . 1,23,24 

WRQ  INC .  7 

XEROX  CORP . 24 

YAHOO  INC . 6 


ADVERTISERS  INDEX 


Cisco . 21 

www.cisco.com 

Computer  Associates  . 4,47 

www.ca.com 

Dell . 26 

www.dell.com 

DLTtape  Technology . 22.  23 

320reasons.com 

Exodus . 15 

www.exodus.com 

Hewlett-Packard  Midrange  Server  .11 
www.hp.com 

Hewlett-Packard  ProLiant . 17 

www.hp.com 

IBM  Cross  Server . 42-43 

www.ibm.com 

IBM  E-Infrastructure . 2-3 

www.ibm.com 

IBM  Storage  . 55 

www.ibm.com 

Imation . 41 

www.imation.com 

Microsoft  Abilities . 18-19 

www.microsoft.com 

NTT  Communications  . 56 

www.nttverio.com/ad 

Oracle  Corp . 9 

www.oracle.com 

Premier  100 . 48 

www.computerworld.com/services/ 

research/PremierlOO 

Sprint  . 13 

www.sprint.com 

Sybase . 28-29 

www.sybase.com 


The  index  is  provided  as  an  additional  service  The  publisher  does 
not  assume  any  liability  lor  errors  or  omissions. 


COMPUTERWORLD  July  22, 2002 


53 


NEWS 


Continued  from  page  1 

Benchmark 

profit  end-user  group. 

End  users  say  such  bench¬ 
marks  are  a  big  help. 

“They  save  us  a  heck  of  a  lot 
of  time,”  said  John  Walsh,  vice 
president  of  information  secu¬ 
rity  at  Allfirst  Financial  Inc.  in 
Baltimore.  He  uses  security 
benchmarks  to  configure  hun¬ 
dreds  of  servers.  “They  are  ac¬ 
cepted  industrywide  as  a  good 
place  to  start  when  building  a 
secure  system,”  Walsh  said.  “I 
think  there  is  a  lot  of  value  in 
them.” 

But  the  benchmark’s  backers 
also  hope  that  its  broad-based 
support  can  be  used  to  send  a 


message  to  vendors  about  the 
need  for  strong  security  before 
products  are  shipped. 

“We  want  to  use  the  power 
of  a  user  consensus  to  influ¬ 
ence  the  vendors  and  [original 
equipment  manufacturers]  to 
secure  these  systems  before 
they  ever  ship  them,  at  least  to 
a  minimal  level,”  said  Clint 
Kreitner,  president  and  CEO  of 
Bethesda,  Md.-based  CIS. 

If  vendors  put  in  security 
settings  before  products  are 
shipped,  “we  can  install  it  and 
run  it,  rather  than  go  through 
another  process,”  said  John 
Gilligan,  CIO  of  the  U.S.  Air 
Force.  Today,  military  IT  pro¬ 
fessionals  must  configure  and 
test  security  settings  before 
deploying  each  workstation, 
he  said. 


But  even  if  vendors  shipped 
systems  meeting  benchmark 
standards,  Walsh  said  it  would 
not  stop  him  from  verifying  it. 
He  compared  it  to  a  military 
job  he  had  many  years  ago  as  a 
parachute  rigger.  “I  implicitly 
trusted  the  people  I  worked 
with,  but  I  only  jumped  with 
my  own  chute,”  he  said. 

The  benchmark  gives  users  a 
“preflight  checklist”  of  securi¬ 
ty  settings.  Administrators  can 
use  the  baseline  standard  to 
configure  systems  before 
rolling  them  out  to  users. 

The  Windows  2000  bench¬ 
mark  grew  out  of  benchmarks 
developed  by  various  federal 
agencies,  but  it  was  also  based 
on  a  Microsoft  Corp.  security 
template,  said  Steve  Lipner,  di¬ 
rector  of  security  assurance  at 


Microsoft.  The  Windows  2000 
benchmark  provides  detail,  not 
fundamental  changes,  to  Mi¬ 
crosoft  security  practices,  Lip¬ 
ner  said.  The  company  also 
worked  on  the  benchmark. 

The  Windows  2000  security 
settings  are  set  at  “moderate” 
levels  and  set  in  a  way  to  en¬ 
sure  applications  won’t  break, 
said  Lipner.  Preconfiguring 
PCs  with  Windows  bench¬ 
marks  before  they’re  shipped 
would  be  something  vendors 
could  ultimately  do,  he  said. 

Microsoft’s  efforts  to  beef  up 
security  won  praise  from 
Richard  Clarke,  special  adviser 
to  the  president  on  cyberspace 
security,  who  also  called  the 
private-  and  public-sector  col¬ 
laboration  “an  example  of  how 
things  should  be  done.”  ► 


Helping  Hand 

The  Center  for  Internet  Sear 
rity’s  benchmarks  m  develop¬ 
ment  include: 

■  IBM’s  AIX 

*  Apache  Web  Server 

■  Cisco  Pix  Firewall, 

■  Windows  IIS  Web  Server 

CIS  benchmarks  already 
released  include: 

■  Sun  Solaris 

■  Linux 

■  HP-UX 

■  Cisco  I0S  router 

■  Windows  2000,  NT 

The  benchmarks  are  available  at 

www.cisecurity.org.ljhoi 


WorldCom’s  Next  Generation 


-oiOOllUv 


SIP  Redirect 

server  server 


Network 

gateway 


SIP- 

enabled 

router 


SIP- 

enabled 

router 


Customer 

premises 


Customer 

premises 

No  PBX 


SOURCE:  INTERNAL  WORLDCOM  DOCUMENTS  OBTAINED  BY  COMPUTERWORLD 

■  SIP:  Session  Initiation  Protocol  ■  PSTN:  Public  switched  telephone  network 

■  PBX:  Private  branch  exchange  ■  PVC:  Permanent  virtual  circuit 


Continued  from  page  1 

WorldCom 

“I  don’t  think  many  people 
will  buy  it”  while  WorldCom’s 
financial  situation  is  unsettled, 
said  Zeus  Kerravala,  an  analyst 
at  The  Yankee  Group. 

Analyst  Kate  Gerwig  at  Cur¬ 
rent  Analysis  Inc.  in  Sterling, 
Va.,  agreed,  saying  customers 
won’t  trust  the  WorldCom 
brand  for  some  time.  She  sug¬ 
gested  it  would  be  better  to  roll 
out  the  service  after  World¬ 
Com  pares  its  operations  and 
rights  its  financial  ship. 

David  Willis,  an  analyst  at 
Meta  Group  Inc.,  said  World¬ 
Com  has  invested  heavily  in 
Session  Initiated  Protocol  tech¬ 
nology,  which  bridges  the  gap 
between  circuit-switched  and 
packet-based  networks,  and  it 
has  been  building  toward  a  full 
VOIP  offering.  “It  was  sup¬ 
posed  to  be  launched  in  June, 
but  they  got  distracted,”  he  said. 

The  internal  documents  con¬ 
vey  the  company’s  conviction 
that  the  VOIP  market  is  on  the 
verge  of  large-scale  adoption, 
stating  that  “circuit-switched 
networks  are  now  too  expen¬ 
sive  to  operate”  and  IP-based 


phone  calls  will  become  the 
norm  in  the  next  five  years. 

The  service  is  designed  to 
work  with  all  handsets  and 
networking  gear.  Its  ultimate 
goal  is  to  replace  traditional 
telephony  systems,  eliminating 
the  difference  between  local 
and  long-distance  calls  while 
making  applications  such  as 
unified  messaging  part  of  an 
enterprise’s  core  communica¬ 
tions  infrastructure. 

Kerravala  cautioned  that 
many  users  lack  the  LANs  to 
support  VOIP  traffic  and  that 
many  remain  doubtful  that  IP 
telephony  will  achieve  the 
sound  quality  and  secure  com¬ 
munications  of  a  traditional 
telephone  network. 

“There’s  a  perception  of  risk 
associated  with  it,  and  I’m  not 
even  talking  about  the  World¬ 
Com  risk,”  Willis  said.  “It’s  a 
bit  premature  to  expect  cus¬ 
tomers  to  flock  to  this  type  of 
offering.”  I 


Reporter  Marc  L.  Songini 
contributed  to  this  story. 


THE  RACE  IS  ON 

Competitors  AT&T  and  SBC  are  already 
proceeding  with  IP  telephony. 

QuickLink:  31511 
computerworid.com 


Periodical  postage  paid  at  Framingham.  Mass  .  and  other  mailing  offices.  Posted  under  Canadian  International  Publication  agreement  #40063800.  CANADIAN  POSTMASTER:  Please  return  undeliverable  copy  to  PO  Box  1632.  Windsor.  Ontario  N9A  7C9.  Computerworld  '.ISSN  0010-48-. -d 
weekly,  except  a  single  combined  Issue  tor  the  last  two  weeks  in  December  by  Computerworld.  Inc..  500  Old  Connecticut  Path.  Box  9171.  Framingham.  Mass.  01701-9171.  Copyright  2002  by  Computerworld  Inc.  All  rights  reserved.  Computerworld  can  be  purchased  on  n  ..crot.lm  und  nncroTFChe  th:  .)n  . 

versity  Microfilms  Inc..  300  N.  Zeeb  Road.  Ann  Arbor,  Mich.  48106.  Computerworld  is  indexed.  Back  issues,  il  available,  may  be  purchased  from  the  circulation  department.  Photocopy  rights:  permission  to  photocopy  for  internal  or  personal  use  Is  granted  by  Computerworld  Inc.  tor  '  ■  ■  1  1  1  -  urs 

registered  with  the  Copynght  Clearance  Center  (CCC).  provided  that  the  base  fee  of  $3  per  copy  ot  the  article,  plus  50  cents  per  page,  is  paid  directly  to  Copyright  Clearance  Center.  27  Congress  St..  Salem.  Mass.  01970.  Reprints  (minimum  100  copies)  and 

permission  to  reprint  may  be  purchased  Irom  Ray  Trynovich.  Computerworld  Reprints,  c/o  Repnnt  Management  Services.  Greenfield  Corporate  Center.  1808  Colonial  Village  Lane.  Lancaster.  Pa..  17601,  (717)  399-1900.  Ext.  124  Fax:  (717)  399-8900  Web  DO  A  \  O  V? 

site:  www.repnntbuyer.com.  E-mail:  rtrylSreprrntbuyer.com.  Requests  tor  missing  issues  will  be  honored  only  it  received  within  60  days  of  Issue  date.  Subscription  rates:  $5  per  copy:  U.S.  -  $68  per  year:  Canada  -  $110  per  year:  Central  4  So  America  $250  w  »  M  J  ’■  '  J  r 

per  year:  Europe  -  $295  per  year:  all  other  countries  -  $295  per  year  Subscnptlons  call  toll-free  (800)  552-4431.  POSTMASTER:  Send  Form  3579  (Change  of  Address)  to  Computerworld.  PO  Box  512.  Mount  Moms.  III.  61054-0512. 


94 


THE  BACK  PAGE 


COMPUTERWORLD  July  22, 2002 


FRANK  HAYES/FRANKLY  SPEAKING 


Security?  No  —  Costs 

A  COMPANY  CALLED  Serena  Software  Inc.  has  been  try¬ 
ing  to  sell  me  on  the  idea  that  software  configuration 
management  is  an  important  security  tool  in  these  days 
of  terrorist  dread.  The  idea  is  that  somebody  inside 
or  outside  your  organization  could  sabotage  critical 
source  code,  and  without  a  good  configuration  management  system, 
you’d  never  know  until  it  was  too  late. 

Of  course,  Serena  makes  pricey,  high-end  configuration  manage¬ 
ment  tools,  so  it’s  not  exactly  an  impartial  observer.  But  security 
does  matter,  and  so  does  good  configuration  management. 

So,  will  fear  of  sabotage  get  corporate  IT  shops  looking  at  their 


configuration  management  needs  anytime 
soon?  Probably  not. 

After  all,  how  likely  is  that  kind  of  source- 
code  sabotage  in  most  IT  shops?  Why  would 
somebody  go  to  the  trouble  of  corrupting  a  Web 
store’s  source  code,  when  a  buffer  overflow  at¬ 
tack  is  so  much  easier?  Why  attack  any  custom 
application,  when  the  real  damage  would  be  mi¬ 
nuscule  compared  with  a  conventional  terrorist 
attack?  It’s  not  a  credible  threat. 

No,  fear  of  sabotage  probably  won’t  put  con¬ 
figuration  management  on  your  agenda.  Neither 
will  fear  of  a  business  catastrophe  caused  by  a 
new  application  that  doesn’t  work  and  can’t  be 
rolled  back.  And  fear  of  confusion  and  chaos  in 
your  software  development  projects  won’t  do  it. 
Most  of  us  have  lived  with  that  for  years. 

Right  now,  just  one  thing  will  make  us  look 
hard  at  beefing  up  our  configuration  management 
systems:  the  possibility  that  it  will  cut  costs. 

And  that  doesn’t  look  likely,  does  it?  These 
big-deal  configuration  management  systems  — 
the  kind  sold  by  Serena  and  IBM  and  Computer 
Associates  and  Compuware  and  Rational  Soft¬ 
ware  —  cost  a  bundle.  They’re  a  lot  of  work  to 
set  up  so  that  all  of  your  mainframe 
and  server  and  PC  and  Web  code  is 
tracked  by  the  system.  They  require 
training  and  time  and  discipline. 

All  that  translates  into  money 
spent,  not  money  saved.  And  unless 
you  need  it  to  get  ISO  9000  certifi¬ 
cation  or  to  nail  down  a  defense 
contract,  why  even  think  about  con¬ 
figuration  management  now? 

Why?  Because  you  can’t  cut  costs 
if  you  don’t  know  what  you’ve  got. 

You  can’t  streamline  software  de¬ 
velopment  if  your  Web  developers 
and  mainframe  programmers  are 


duplicating  one  another’s  work.  You  can’t  sim¬ 
plify  transactions  and  shorten  processes  with  a 
patchwork  of  ad  hoc,  outdated,  single-project 
configuration  management  tools.  You  can’t  even 
see  the  opportunities  to  cut  costs. 

Until  just  recently,  that  didn’t  matter,  because 
we  weren’t  worrying  much  about  costs.  During 
the  Internet  boom,  we  had  plenty  of  money  and 
bodies  to  throw  at  every  problem.  We  made 
things  up  as  we  went  along,  mixing  and  match¬ 
ing  desktop  software  and  back-end  systems  and 
Web  sites,  repurposing  mainframes  as  servers 
and  applications  as  Web  pages,  turning  our  cus¬ 
tomers  into  users. 

OK,  so  we  reinvented  lots  of  wheels  and  ended 
up  with  lots  of  mystery  code,  but  speed  was 
more  important  than  money  or  formal  processes 
or  knowing  what  we  had.  We  were  working  in 
Internet  time,  all  the  rules  were  broken,  and 
chaos  was  our  friend. 

Now  the  party’s  over.  Money  and  bodies  are 
in  short  supply,  and  to  make  the  most  of  what 
we’ve  got,  we  need  to  know  what  we’ve  got.  We 
can’t  afford  the  luxury  of  chaos  now  —  and 
we’ll  likely  never  be  able  to  afford  it  again. 

Maybe  we  won’t  implement  state- 
of-the-art  enterprise  configuration 
management  this  year  —  this  is 
pricey  stuff,  after  all,  and  it’s  the 
worst  possible  time  to  try  to  come 
up  with  the  money. 

But  soon  we  will.  If  we  really 
want  to  squeeze  the  most  out  of  our 
software  assets,  we  have  no  choice. 

Because  in  the  long  run,  if  we 
manage  our  software  development 
better  at  an  enterprise  level,  we  will 
cut  costs  —  and  speed  development, 
reduce  risks  and,  yes,  improve  secu¬ 
rity,  too.  I 


frank  hayes,  Computer- 
world's  senior  news  colum¬ 
nist,  has  covered  IT  for  more 
than  20  years.  Contact  him  at 

frank_hayes@computerworld.com. 


USER  complains  to  help  desk 
pilot  fish  that  he  updated  a  file, 
but  when  he  reopened  it  the  next 
day,  his  changes  were  gone. 

“Are  you  sure,”  he  asks,  “that  the 
backup  tape  isn’t  back-filling 
overnight  and  replacing  the  file 
from  the  previous  day?” 

IT  MANAGER  pilot  fish  is 
brought  in  late  in  the  game  on  a 
document-scanning  project  to 
digitize  a  million  pages  fora 
state  permit  department.  Fish 
notices  the  vendor’s  license 
specifies  that  it  can  scan  only 
25,000  pages  per  month  and 
does  the  math  -  it’ll  take  40 
months.  Why  are  you  planning  to 
spend  almost  four  years  to  do 
this?  he  asks  permit  technician. 
Baffled  technician  replies,  “Why 
do  you  think  it’ll  take  four  years?” 

WHEN  USERS  at  a  remote  site 
can’t  connect  to  the  company’s 
servers,  pilot  fish  scrambles  to 
rewire  connections  to  the  line- 
of-sight  antenna  that  links  the 
remote  site.  Fish  has  just  started 
working  inside  the  wiring  cabinet 
when  a  maintenance  guy  asks, 
“Should  the  UPS  over  here  be 
beeping?”  Sure  enough,  that’s 


the  UPS  the  antenna  is  plugged 
into.  “I  had  to  shut  the  breaker 
off  yesterday,”  the  maintenance 
guy  says.  “That  didn’t  cause  any 
problems,  did  it?” 

BLOWING  the  dust  out  of  his 
mouse  didn’t  solve  the  problem, 
user  tells  help  desk  pilot  fish.  But 
he  did  take  a  good  look  around 
while  dusting  its  innards.  “Could 
the  problem  be  that  the  felt  is 
wearing  off  the  wheels  inside  the 
mouse?”  he  asks.  “That's  not 
felt,”  fish  sighs.  “That’s  just  dirt 
that's  built  up.” 

AFTER  A  power  outage,  user 
calls  network  engineer  pilot  fish 
to  complain  he  can’t  access  a 
small  file  server  that  fish  knows 
isn’t  on  a  UPS.  “Is  the  server 
powered  on?”  fish  asks.  User 
checks.  “It’s  not  on,”  he  says. 
“Should  we  power  it  up?” 

Hey,  power  me  up:  sharky® 
computerworld.com.  You  get 

a  snazzy  Shark  shirt  if  we  use 
your  true  tale  of  IT  life.  And 
check  out  the  daily  feed,  browse 
the  Sharkives  and  sign  up  for 
Shark  Tank  home  delivery  at 
computerworld.  com/sharky. 


The  5th  Wave 


“  Here’s  a  little  tip  on  disassembly  tkat  you 
■won’t  £ind  in  ike  manual  .* 


c  Rich  Tennant,  www.rhe5thwavc.com 


t - » 

I 

1  -- 

|  FT-  V  •  1  .  .  : 

1  •  '  A'M 

. § _ A 

■  1  m 

1 

■BoKf. :  •’/  ;  ■■ 

1 

5 

w 

Storage  in  every  sjize  and  width. 

The  difference  between  winning  and  losing  is  a  little  thing  called 
“storage.”  And  the  winning  play  is  integrated  storage  solutions.  Why? 
Hardware  and  software  that  work  together  speed  implementation, 
let  you  maximize  your  current  infrastructure  investments,  and  help 
reduce  risk.  IBM  TotalStorage”  solutions  are  complete,  cross-platform 
storage  offerings  that  cover  storage  networking,  disk,  tape,  software 
and  services.  Bent  on  winning?  Find  out  where  you  can  test-drive 
any  IBM  storage  solution  at  ibm.com/totalstorage/solutions 


(€)  (x/siness  is  -Hit  phy  76  H/ti, 


For  further  information,  contact: 
NTT  Communications  Corporation, 
nttverio@ntt.com 


Finally,  managed  services 
that  are  actually  well-managed. 


www.nttverio.com/ad 

^  Offering  solutions  with  guaranteed  results. 


Global  IP  Network 


ip-vpn  IPSecType 

ir  vriN  MPLS  Type 


Data  Centers 


Arcstar  Global  Network  Services 


NTT/VERIO  hosting  packages  leverage  industry-leading  Sun®,  Windows  2000®,  and 
Linux™  servers  and  the  most  experienced  and  obsessive  technical  staff  in  the 
industry  to  provide  you  with  versatility,  performance  and  peace  of  mind.  Employing 
everything  from  basic  dedicated  servers  in  our  premier  data  centers  to  a  host  of 
managed  services  such  as  systems  administration,  back-up  and  restore,  server 
monitoring  and  security  /  firewall  protection,  our  staff  can  help  you  develop  a 
hosting  solution  that  supports  your  business  both  today  and  into  the  future.  And  it's 
all  backed  with  the  most  aggressive  SLAs  in  the  business. 

Visit  www.nttverio.com/ad  and  discover  an  approach  to  hosting  that  starts  with  you 
and  your  needs. 


NTT /VERIO 


Communications  Group  Offices  Japan  •  USA  •  Brazil  •  UK  •  France  •  Germany  •  Netherlands  •  Belgium  •  Switzerland 
•  Italy  •  Spain  •  Korea  •  China  •  Hong  Kong  •  Taiwan  •  Vietnam  •  Thailand  •  Indonesia  •  Singapore  •  Malaysia  •  Philippines  •  Sri  Lanka  •  Australia 

*  A  full  service  offering  may  not  be  available  in  some  areas. 
NTT  is  a  trademark  of  NIPPON  TELEGRAPH  AND  TELEPHONE  CORPORATION.  Verio  is  a  trademark  of  Verio  Inc.  Arcstar  is  a  trademark  of  NTT  Communications 
Corporation.  All  other  referenced  product  names  are  trademarks  of  their  respective  owners.  ©2002  NTT  Communications  Corporation 


